Security Boulevard

JFrog Uncovers Severe React Vulnerability Threat to Software Supply Chains

The security research team at JFrog, a provider of a platform for building and deploying software, have discovered a critical vulnerability in a node ...
InfoWorld

Malicious npm package sneaks into GitHub Actions builds

The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...
CSO Online

RCE in React Native CLI opens Dev Servers to attacks

The bug exposes the Metro development server to remote attacks, allowing arbitrary OS command execution on developer systems ...
The Hacker News

Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities

Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities ...