AWS patched a critical CodeBuild flaw that risked GitHub repository hijacking and potential supply chain attacks via the AWS Management Console..

This application serves as a webhook receiver for GitHub repositories. When configured as a webhook endpoint in a GitHub repository, it: webhook-repo/ ├── app/ # Main application package │ ├── __init_ ...

A serious security vulnerability has been discovered in the default web browser of the Android OS lower than 4.4 running on a large number of Android devices that allows an attacker to bypass the Same ...

webhook-proxy/ ├── packages/ │ ├── core/ # 核心服务 (@webhook-proxy/core) │ │ ├── src/ │ │ │ ├── adapters/ # 平台适配器 ...

vm2 is a JavaScript sandbox for Node.js. Its development was actually discontinued in 2023. Another security vulnerability has been discovered in the software, allowing an escape from the secured ...

Patch meant to close a severe expression bug fails to stop attackers with workflow access Multiple newly disclosed bugs in the popular workflow automation tool n8n could allow attackers to hijack ...

Abstract: Modern JavaScript engines employ multi-tier JIT compilation for high performance, but these aggressive optimizations often introduce subtle and hard-to-detect security vulnerabilities.

Microsoft has released emergency out-of-band security updates to patch a high-severity Microsoft Office zero-day vulnerability exploited in attacks. The security feature bypass vulnerability, tracked ...

Cybersecurity researchers have discovered a JScript-based command-and-control (C2) framework called PeckBirdy that has been put to use by China-aligned APT actors since 2023 to target multiple ...

Amazon is warning that a Russian-speaking hacker used multiple generative AI services as part of a campaign that breached more than 600 FortiGate firewalls across 55 countries in five weeks. Attackers ...

The vulnerability is reported to UNESCO as soon as possible after its discovery. The vulnerability findings must remain confidential for at least 90 days following the date the vulnerability was ...