Cookie Consent by Free Privacy Policy Generator ๐Ÿ“Œ NPM swats path traversal bug that lets evil packages modify, steal files. That's bad for JavaScript crypto-wallets
Team IT Security Nachrichtenportal Logo

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security
RSS Feed Symbol fรผr Team IT Security 800+ IT News als RSS Feed abonnieren



๐Ÿ“š NPM swats path traversal bug that lets evil packages modify, steal files. That's bad for JavaScript crypto-wallets


๐Ÿ’ก Newskategorie: IT Security Nachrichten
๐Ÿ”— Quelle: go.theregister.co.uk

Trio of vulnerabilities made registry full of uncertain code even more of a risk

On Wednesday, NPM, Inc, the California-based biz that has taken it upon itself to organize the world's JavaScript packages into the npm registry, warned that its command line tool, the npm CLI, has a rather serious security vulnerability. Version 6.13.4 has been rushed out with a fix.โ€ฆ

...



Sharing is caring on Social Media

๐Ÿ”— Reddit
๐Ÿ”— Telegram
๐Ÿ”— LinkedIn
๐Ÿ”— Xing
๐Ÿ”— Twitter
๐Ÿ”— Whatsapp
๐Ÿ”— Facebook
๐Ÿ”— Flipboard

Join the Team IT Security Community

๐Ÿ”— "IT Sicherheit" Reddit-Gruppe
๐Ÿ”— "IT Sicherheit" Telegramm-Seite

๐Ÿ“Œ On trusting NPM: Early in the month, Lance R. Vick noticed that the maintainer of the NPM foreach package let their personal email domain expire, so they bought it and now โ€œcontrols foreach on NPM and the 36,826 projects that depend on itโ€.


๐Ÿ“ˆ 37.27 Punkte

๐Ÿ“Œ LofyLife: malicious npm packages steal Discord tokens and bank card data


๐Ÿ“ˆ 33.94 Punkte

๐Ÿ“Œ Malicious npm packages steal Discord usersโ€™ payment card info


๐Ÿ“ˆ 33.94 Punkte

๐Ÿ“Œ Malicious Npm Packages Designed to Steal Discord Tokens


๐Ÿ“ˆ 33.94 Punkte

๐Ÿ“Œ LofyGang Distributed ~200 Malicious NPM Packages to Steal Credit Card Data


๐Ÿ“ˆ 33.94 Punkte

๐Ÿ“Œ Hackers Deploy Malicious npm Packages on GitHub to Steal SSH Keys


๐Ÿ“ˆ 33.94 Punkte

๐Ÿ“Œ Oracle swats 252 bugs in patch update


๐Ÿ“ˆ 33.26 Punkte

๐Ÿ“Œ Jailed Kansas 'Swat' Perpetrator Sneaks Online, Threatens More 'Swats'


๐Ÿ“ˆ 33.26 Punkte

๐Ÿ“Œ npm packages used by crypto exchanges compromised


๐Ÿ“ˆ 32.73 Punkte

๐Ÿ“Œ NPM packages posing as speed testers install crypto miners instead


๐Ÿ“ˆ 32.73 Punkte

๐Ÿ“Œ CVE-2023-46496 | EverShop NPM up to 1.0.0-rc.7 Request api/files DELETE path traversal


๐Ÿ“ˆ 32.58 Punkte

๐Ÿ“Œ NPM JavaScript packages abused to create scambait links in bulk


๐Ÿ“ˆ 31.97 Punkte

๐Ÿ“Œ 8 NPM Packages for JavaScript Beginners [2024][+tutorials]


๐Ÿ“ˆ 31.97 Punkte

๐Ÿ“Œ 451 PyPI packages install Chrome extensions to steal crypto


๐Ÿ“ˆ 29.73 Punkte

๐Ÿ“Œ Malicious npm package caught trying to steal sensitive Discord and browser files


๐Ÿ“ˆ 28.92 Punkte

๐Ÿ“Œ WhatsApp Flaw Lets Users Modify Group Chats to Spread Fake News


๐Ÿ“ˆ 27.56 Punkte

๐Ÿ“Œ Call of Duty: Modern Warfare 'Gunsmithing' lets you modify your weapons


๐Ÿ“ˆ 27.56 Punkte

๐Ÿ“Œ CVE-2005-10002 | almosteffortless secure-files Plugin up to 1.1 on WordPress secure-files.php sf_downloads downloadfile path traversal


๐Ÿ“ˆ 27.22 Punkte

๐Ÿ“Œ Facial Recognition In Schools: Clever Tech. Bad, Bad, Bad Implementation


๐Ÿ“ˆ 26.81 Punkte

๐Ÿ“Œ Apple Executive Explains Why Sideloading Apps Is Bad, Bad, Bad


๐Ÿ“ˆ 26.81 Punkte

๐Ÿ“Œ Microsoft Edge Flaw Lets Hackers Steal Local Files


๐Ÿ“ˆ 26.43 Punkte

๐Ÿ“Œ Internet Explorer zero-day lets hackers steal files from Windows PCs


๐Ÿ“ˆ 26.43 Punkte

๐Ÿ“Œ Unpatched Internet Explorer Zero-day Vulnerability Lets Attackers Hack Windows PC & Steal Files


๐Ÿ“ˆ 26.43 Punkte

๐Ÿ“Œ Windows Remote Assistance Exploit Lets Hackers Steal Sensitive Files


๐Ÿ“ˆ 26.43 Punkte

๐Ÿ“Œ Windows Remote Assistance Exploit Lets Hackers Steal Sensitive Files


๐Ÿ“ˆ 26.43 Punkte

๐Ÿ“Œ 'Zip Slip' security hole lets evil archive files hack your computer


๐Ÿ“ˆ 25.9 Punkte

๐Ÿ“Œ rollup-plugin-dev-server on npm readFileFromContentBase path traversal


๐Ÿ“ˆ 25.51 Punkte

๐Ÿ“Œ rollup-plugin-serve on npm readFileFromContentBase path traversal


๐Ÿ“ˆ 25.51 Punkte

๐Ÿ“Œ marked-tree on npm index.js fs.readFile path traversal


๐Ÿ“ˆ 25.51 Punkte

๐Ÿ“Œ marscode on npm index.js fs.readFile path traversal


๐Ÿ“ˆ 25.51 Punkte

๐Ÿ“Œ fast-http on npm index.js fs.readFile path traversal


๐Ÿ“ˆ 25.51 Punkte

๐Ÿ“Œ CVE-2023-46497 | EverShop NPM up to 1.0.0-rc.7 Request createFolder.js mkdirSync path traversal


๐Ÿ“ˆ 25.51 Punkte

๐Ÿ“Œ CVE-2023-46493 | EverShop NPM up to 1.0.0-rc.7 Request fileBrowser/browser.js readDirSync path traversal


๐Ÿ“ˆ 25.51 Punkte

๐Ÿ“Œ CVE-2019-16777 | npm CLI up to 6.13.4 Install Script path traversal (RHSA-2020:0573)


๐Ÿ“ˆ 25.51 Punkte

๐Ÿ“Œ CVE-2019-16776 | npm CLI up to 6.13.3 Install Script bin path traversal (RHSA-2020:0573)


๐Ÿ“ˆ 25.51 Punkte











matomo

Kontakt

24/7 [email protected]

Weitere Informationen

Google Android Playstore Download Button fรผr Team IT Security
๐Ÿ”— Impressum
๐Ÿ”— Datenschutz
Paypal Spenden fรผr Projekt

Social Media

๐Ÿ”— Facebook
๐Ÿ”— Reddit
๐Ÿ”— Team IT Security als Elektron App
๐Ÿ”— © 2015-2023 Team IT Security Nachrichtenportal รผber Cybersecurity
๐Ÿ”— CMS "myDraft" a PHP Portal Software