Popular Forge library gets fix for signature verification bypass flaw

A vulnerability in the 'node-forge' package, a popular JavaScript cryptography library, could be exploited to bypass ...

Columbus Metropolitan Library sets opening for new Canal Winchester branch

The Columbus Metropolitan Library has set an opening date for its Canal Winchester branch.
CoinJournal

Shai Hulud malware hits NPM as crypto libraries face a growing security crisis

Shai Hulud malware has infected hundreds of NPM libraries, including major ENS and crypto packages, triggering a JavaScript ...

Suzy Bassani, longtime Dayton arts leader and advocate, dies at 85

A trailblazing champion for Dayton’s arts scene and founder of two cultural organizations has passed away at the age of 85.

An incredibly popular JavaScript library might have some worrying malware issues

A widely-adopted JavaScript library has been found carrying a critical vulnerability which could allow threat actors to ...
The Hacker News

APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains

APT24 and Autumn Dragon launch multi-year espionage campaigns using BADAUDIO, supply chain attacks, and new CVE-2025-8088 ...

Google exposes BadAudio malware used in APT24 espionage campaigns

China-linked APT24 hackers have been using a previously undocumented malware called BadAudio in a three-year espionage ...

New NPM supply-chain attack compromises major ENS and crypto libraries

A major JavaScript supply-chain attack has compromised hundreds of software packages — including at least 10 used widely ...
Crypto News

Massive NPM Supply-Chain Attack Targets ENS-Linked Libraries in Shai Hulud Breach

Shai-Hulud malware infiltrates 490 NPM packages, stealing API keys and credentials from ENS and major crypto development ...
SecurityWeek

Chinese Cyberspies Deploy ‘BadAudio’ Malware via Supply Chain Attacks

A Chinese threat actor tracked as APT24 has been observed employing multiple techniques to deploy BadAudio malware ...

The silent checkout threat: Card details stolen before you press ‘Submit’

Attackers implant JavaScript skimmers that run silently in your browser, capturing full card numbers, CVVs, names, email ...