[BleepingComputer] GitHub finds 7 code execution vulnerabilities in ‘tar’ and npm CLI

The GitHub security team has identified several high-severity vulnerabilities in the npm packages “tar” and “@npmcli/arborist,” which are used by the npm CLI. The tar package receives 20 million weekly downloads on average, whereas arborist is downloaded over 300,000 times every week. […]

Source: BleepingComputer

