CVE/vulnerability
NestJS Vulnerability Allows Code Execution on Developer Machines
A critical remote code execution vulnerability has been discovered in the popular NestJS framework that could allow attackers to execute arbitrary code on developer...
CVE/vulnerability
Critical JavaScript Library Vulnerability Exposes Apps to Remote Attacks
A critical security vulnerability has been discovered in the widely-used form-data JavaScript package, potentially exposing thousands of applications to remote attacks through predictable boundary value generation.
The...
cyber security
Weaponizing SVG: How Threat Actors Embed Malicious JavaScript in Vector Files
Cybersecurity researchers have identified an emerging attack campaign where threat actors are weaponizing Scalable Vector Graphics (SVG) files to deliver sophisticated JavaScript-based redirect attacks....
Cyber Attack
JSFireTruck Obfuscation Helps Cybercriminals Hijack Trusted Sites with Malicious JavaScript
A sophisticated and extensive cyber attack campaign has been uncovered, in which threat actors are compromising legitimate websites to inject highly obfuscated JavaScript code.
Dubbed...
cyber security
Splunk Enterprise XSS Flaw Enables Attackers to Execute Unauthorized JavaScript
Splunk has disclosed a reflected Cross-Site Scripting (XSS) vulnerability in its Enterprise and Cloud Platform products, tracked as CVE-2025-20297 and detailed in advisory SVD-2025-0601....
cyber security
Malicious NPM Packages Exploit Ethereum Wallets with Obfuscated JavaScript
A recent wave of malicious NPM packages has emerged as a significant threat to cryptocurrency users, specifically targeting Ethereum wallet holders.
Cybersecurity researchers have...
cyber security
Hackers Deploy Weaponized npm Packages to Target React and Node.js JavaScript Frameworks
Socket's Threat Research Team, a series of malicious npm packages have been found lurking in the JavaScript ecosystem for over two years, amassing more...
Browser
Hackers Target Mobile Users Using PWA JavaScript to Bypass Browser Security
A sophisticated new injection campaign has been uncovered, targeting mobile users through malicious third-party JavaScript to deliver a Chinese adult-content Progressive Web App (PWA)...