Bleeping Computer

AppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript code

The AppsFlyer Web SDK was temporarily hijacked this week with malicious code used to steal cryptocurrency in a supply-chain attack. The payload can intercept cryptocurrency wallet addresses entered on ...

Inside Hacks Final Season, Jean Smart Heart Surgery and Lesbian Episode

It's early on a warm January morning in Las Vegas, and the entire "Hacks" team - stars, crew, producers - is milling around ...
Security Boulevard

Fuzzing to Zero-Day: Pwning V8CTF With TurboFan Type Confusion, CVE-2025-2135

The bug was assigned CVE-2025-2135, and we successfully used it to pwn Google’s V8CTF as a zero-day. The root cause lies in TurboFan’s InferMapsUnsafe() function, which fails to handle aliasing when ...
Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
The Economist

Global democracy is in better shape than you think

EIU grades 167 countries out of ten according to the state of their democracy, and sorts them into four camps: full and flawed democracies, and hybrid and authoritarian regimes. By that measure, ...