SecurityWeek

GeoServer Flaw Exploited in US Federal Agency Hack

CISA has shared details on the exploitation of a year-old GeoServer vulnerability to compromise a federal agency.

NPM package caught using QR Code to fetch cookie-stealing malware

Newly discovered npm package 'fezbox' employs QR codes to hide a second-stage payload to steal cookies from a user's web browser. The package, masquerading as a utility library, leverages this ...

5 ways to spot software supply chain attacks and stop worms - before it's too late

A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.
SBCNews

UKGC: finance checks and operator practices may drive customers to black market

The UK Gambling Commission is examining whether certain operator and regulatory practices and policies may drive customers to ...