#supply-chain-vulnerabilities

Information security
from SecurityWeek
3 days ago

'PackageGate' Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Six vulnerabilities in major JavaScript package managers (NPM, PNPM, VLT, Bun) allow bypassing supply chain protections and enable remote code execution.
from ComputerWeekly.com
1 month ago

Microsoft expands Bug Bounty scheme to include third-party software

The company is extending its reward programme to cover vulnerabilities in software that could affect services provided by the company, irrespective of whether it is owned and managed by Microsoft. Microsoft awarded more than $17m to security researchers through its bug bounty programmes and live hacking events this past year, and expects to offer more in 2026. The Redmond-based company said the programme, dubbed "in scope by default", will extend its bug bounty scheme to include serious vulnerabilities that affect Microsoft cloud services.
Information security
World news
from www.theguardian.com
2 months ago

West is missing obscure sanctions that could set back Russia's war machine'

Targeted sanctions on chemical additives for lubricants and vulcanisation accelerants could cripple Russia's ability to maintain tanks and military-grade tyres.
from www.theguardian.com
9 months ago

'EU microchip strategy deeply disconnected from reality', say official auditors

We are competing in a global race, but from the back of the field, and it is unclear whether we have the means to be successful in this race.
Europe news