Malicious NuGet packages drop disruptive 'time bombs'

Several malicious packages on NuGet have sabotage payloads scheduled to activate in 2027 and 2028, targeting database ...
SecurityWeek

Critical Flaw in Popular React Native NPM Package Exposes Developers to Attacks

Software supply chain security firm JFrog has disclosed the details of a critical vulnerability affecting a popular React ...
Estonian World

Russia suspected of using MS Estonia wreck for Baltic Sea espionage

New evidence from a German investigative consortium has raised suspicions that Russia may have turned the wreck of the MS Estonia – the ferry that sank in 1994 killing 852 people – into a training ...
Microsoft

Innovation spotlight: How 3 customers are driving change with migration to Azure SQL

Organizations are under constant pressure to modernize their estate. Legacy infrastructure, manual processes, and increasing data volumes in silos make it harder to deliver the performance, security, ...
The Hacker News

New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login

SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution. The ...
The Hacker News

npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels

Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to ...