New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.
CSO Online

Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core

Patching is not enough: applications embedding the insecure library will need to be rebuilt, and affected tokens and cookies ...

Mozilla Fixes 271 Firefox Bugs Using Anthropic’s Mythos AI

Mozilla says Firefox 150 patches 271 vulnerabilities found with Anthropic’s restricted Mythos AI, highlighting how quickly AI ...