GitHub

[Layer] inline javascript 触发CSP报错 #3068

我已仔细阅读: 🍀 Layui Issue 贡献指南 议题类型 功能请求 使用版本 2.13.7 问题描述 layer里面仍有部分代码会触发CSP 报错,注意到以前的关闭按钮抛弃了,变成了span,规避了javascript URL. layer的iframe里面仍然有onload 这种inline ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
InfoWorld

8 cutting-edge web development tools you don’t want to miss

Eight innovative tools that are reimagining web applications and how we build them. Welcome to the Great Unbloating.
The Hacker News

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Proofpoint says UNK_DeadDrop sent 250+ phishing emails to nearly 100 firms, using GitHub and VS Code lures to steal ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...

Microsoft patches Exchange Server zero-day exploited in attacks

Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary ...

GCSE Biology: Nervous coordination

This short film focuses on the role of nervous system, how it functions, voluntary and involuntary reflexes and the function ...
The Hacker News

Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS

A large-scale campaign impersonates open-source and freeware project portals to redirect users through a gated TDS and ...
GitHub

Official Sentry SDKs for JavaScript

This is the next line of Sentry JavaScript SDKs, comprised in the @sentry/ namespace. It will provide a more convenient interface and improved consistency between various JavaScript environments. We ...