Security Boulevard

SmartApeSG Launches Okendo Reviews Supply Chain Attack

IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
The Herald-Banner

Inspired by familiar challenge, ETAMU senior created app to decode rental contracts

For many renters, signing a lease can be one of the most important – and intimidating – financial decisions they make.
InfoWorld

Protocol Buffers schemas expose remote code execution risk

Researchers at Cyera found six vulnerabilities in prtobuf.js, including a flaw that can turn attacker-controlled schema data ...
Bleeping Computer

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. The tool is highly ...
Bleeping Computer

LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks

The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a malware loader based on the open-source Deno runtime for JavaScript and ...
The Business Journals

Meet the BostInno 2025 Fire Awards honorees

To continue reading this content, please enable JavaScript in your browser settings and refresh this page. Preview this article 1 min It’s time to unveil the 2025 ...
GitHub

A JavaScript H.264 decoder.

The video player first needs to download the entire video before it can start playing, thus appearing to be a bit slow at first, so have patience. You can start the video by clicking on each player.
the-decoder

Web Dev in Qwen generates full front-end code from just a prompt

Alibaba's "Web Dev" tool in Qwen turns website and app development into a prompt-based task. Running inside Qwen Chat, it lets users generate front-end code from a single instruction. A prompt like ...
the-decoder

Slopsquatting: One in five AI code snippets contains fake libraries

Security researchers have identified a new potential threat to software supply chains stemming from AI-generated code through a technique called "slopsquatting." Coined by security researcher Seth ...
The Hacker News

Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign

The North Korea-linked Lazarus Group has been linked to an active campaign that leverages fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malware capable of infecting ...