Bleeping Computer

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. The tool is highly ...
GitHub

Builder for creating distributable JavaScript files from source. Concatenate, wrap, uglify.

Create a file with your build script (see the example in 'Usage' below), call it something like build.js and then run it with: Create a new Builder instance. Takes the starting directory as the first ...
Microsoft

Fixing the script: Journey to reduce XSS exposure

Cross‑site scripting (XSS) remains one of the most frequently reported web vulnerabilities—not because developers are unaware of it, but because many deployed mitigations address symptoms rather than ...
The Hacker News

GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection

The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 ...
GitHub

A fully type-safe and lightweight internationalization library for all your TypeScript and JavaScript projects.

Click here to see an interactive demo of typesafe-i18n showing some key aspects of the type-checking capabilities of this internationalization library. Curious about what comes next? See this ...
WeLiveSecurity

Turla’s watering hole campaign: An updated Firefox extension abusing Instagram

Update, 21 June 2017: Due to our misunderstanding of communications with Google, the Firefox extension’s infection vector discussed below was wrongly described here on 06 June 2017; this is now ...