AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.
heise online

Notepad++: Security update against code smuggling vulnerability

Notepad++ has been released in version 8.9.2. The new version improves security mechanisms and closes a highly risky security vulnerability through which attackers can execute arbitrary code. In the ...
CSOonline

Notepad++ author says fixes make update mechanism ‘effectively unexploitable’

The recently compromised update mechanism for the popular open source text editor Notepad ++ has been hardened so it’s now ‘effectively unexploitable’, says the application’s author. Don Ho made the ...
Bleeping Computer

What 5 Million Apps Revealed About Secrets in JavaScript

Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder’s research team built a new secrets detection method and scanned 5 ...
Business Standard

Microsoft plugs remote code vulnerability in Notepad app on Windows 11

Microsoft has fixed a security flaw in Notepad that could have allowed attackers to trick users into clicking harmful links inside Markdown files. The company resolved the issue in its latest patch ...
ExtremeTech

Microsoft Fixes Windows 11 Bug That Let Attackers Run Remote Code in Notepad

Share on Facebook (opens in a new window) Share on X (opens in a new window) Share on Reddit (opens in a new window) Share on Hacker News (opens in a new window) Share on Flipboard (opens in a new ...
The Verge

Microsoft fixes Notepad flaw that could trick users into clicking malicious Markdown links

Bad actors could use the flaw to remotely load and execute malicious files on a victim’s computer. Bad actors could use the flaw to remotely load and execute malicious files on a victim’s computer. is ...
PC World

Windows Notepad is now complex enough to have a serious security flaw

PCWorld reports that Windows Notepad’s new Markdown support feature has introduced a serious remote code execution vulnerability with a high CVSS score of 8.8/7.7. The security flaw allows malicious ...
TechSpot

Unwanted AI upgrade to Windows Notepad created a serious security flaw

The big picture: Microsoft released its latest Patch Tuesday update this week with 59 hotfixes across Windows, Microsoft Office, Azure, and core system components. The update includes patches for six ...
ZDNet

I tried a Claude Code rival that's local, open source, and completely free - how it went

I wore the world's first HDR10 smart glasses TCL's new E Ink tablet beats the Remarkable and Kindle Anker's new charger is one of the most unique I've ever seen Best laptop cooling pads Best flip ...
heise online

Exchange Online: Microsoft updates timeline for SMTP Auth Basic end

For various protocols, Microsoft has already removed Basic Authentication in Exchange Online. The timeline for SMTP is being postponed. So far, Microsoft has disabled simple username-password login ...