A flaw in the binary-parser npm package before version 2.3.0 lets attackers execute arbitrary JavaScript via unsanitized parser input.
This newsletter compiles the latest SEI releases and news about the CERT UEFI Parser for inspecting firmware, webcasts on right-sized DevSecOps and on the Software Acquisition Pathway, SEI appearances ...
The bug allows attackers to carry out XML External Entity (XXE) injection attacks via crafted XFA files inside PDF files. A critical-severity vulnerability in the Apache Tika open source analysis ...
There is a lot of enterprise data trapped in PDF documents. To be sure, gen AI tools have been able to ingest and analyze PDFs, but accuracy, time and cost have been less than ideal. New technology ...
A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. The ...
The police agency issued a press release shortly before noon, stating that the library had been evacuated as a precautionary measure. At 12:15 p.m., police announced Lenape Way will be closed from ...
PDF Agile Offers OCR, Editing, and Annotations in One User-Friendly Package. This all-in-one solution is built to handle the common frustrations of PDF work, and it's on sale now.
18 popular NPM packages with over 2 billion weekly downloads were compromised through a phishing attack targeting developer “Qix”. The malware functioned as a “crypto-clipper,” silently replacing ...
The breach hit core JavaScript libraries such as chalk and strip-ansi, downloaded billions of times each week, raising alarms over the security of open-source software. Hackers have compromised widely ...
NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by bitcoin wallets. A major NPM developer, qix, has had their account compromised.
A new malicious npm package impersonating the widely used nodemailer library has been uncovered by cybersecurity researchers. The package, named “nodejs-smtp,” not only functioned as an email sender ...