Forwarded from Hacker News
www.stepsecurity.io
Supply Chain Security Alert: eslint-config-prettier Package Shows Signs of Compromise - StepSecurity
We are currently investigating a potential supply chain security incident involving the eslint-config-prettier npm package. This widely-used package, which helps developers maintain consistent code formatting by turning off ESLint rules that conflict with…
Forwarded from Hacker News
forgecode.dev
Forge Code
A deep dive into critical security vulnerabilities found in Model Context Protocol (MCP) implementations, including tool description injection, authentication weaknesses, and supply chain risks, highlighting why these issues demand immediate attention in…
Google reportedly pays Apple up to $20 billion every year just to remain the default search engine on iPhones ...
Why It Matters: The $20 billion payment from Google to Apple is a significant confirmation of the manipulation and monopolistic practices in the online search and advertising market.....
Meanwhile ... Google has been paid BILLIONS to use their platform to spread FALSE INFORMATION and introduce communist values to SNUFF FACTS AND FREEDOM OF SPEECH
☄️👇👇👇👇☄️
But you won’t hear about the real dangers — from manipulated search results to silenced voices — in the mainstream media.
That’s why it’s so important to follow independent sources that uncover the truth they don’t want you to see.
Forwarded from Hacker News
Electronic Frontier Foundation
Amazon Ring Cashes in on Techno-Authoritarianism and Mass Surveillance
Ring founder Jamie Siminoff is back at the helm of the surveillance doorbell company, and with him is the surveillance-first-privacy-last approach that made Ring one of the most maligned tech
Forwarded from Hacker News
Into the Stack
Async I/O on Linux and durability
I've been working on a complex multi-model database for a few weeks now, and recently I took time to simplify and test out an idea I had on a simple key-value database. I started with the basics: A hash table in memory, a simple append-only log for persistence…
Forwarded from The Hacker News
🚨 Hackers are actively exploiting a critical flaw in CrushFTP (CVE-2025-54309, CVSS 9.0) to gain admin access via HTTPS—no DMZ needed.
They reverse engineered a patch and struck fast.
The worst part? Many systems are still exposed.
Details here → https://thehackernews.com/2025/07/hackers-exploit-critical-crushftp-flaw.html
Forwarded from The Hacker News
🚨 Hackers hijacked popular npm packages using phishing emails that mimicked npm support.
They published malware directly—no GitHub commits, no PRs.
One version tries to run a DLL for remote code execution.
Check if you’re affected ↓ https://thehackernews.com/2025/07/malware-injected-into-6-npm-packages.html
Forwarded from The Hacker News
⚠️ A critical UNPATCHED zero-day in Microsoft SharePoint (CVE-2025-53770) is being massively exploited right now.
At least 75 orgs breached—including major companies and governments.
Here’s what you need to know ↓ https://thehackernews.com/2025/07/critical-microsoft-sharepoint-flaw.html