Flaws in popular VSCode extensions expose developers to attacks

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...
Security Boulevard

Carelessness versus craftsmanship in cryptography

Two popular AES libraries, aes-js and pyaes, “helpfully” provide a default IV in their AES-CTR API, leading to a large number of key/IV reuse bugs. These bugs potentially affect thousands of ...

JS文件里的秘密:500 万款 App 洞察,4.2 万个密钥裸奔

IT之家 2 月 18 日消息,网络安全公司 Intruder 上月发布报告,深度扫描全球 500 万款应用,发现超过 4.2 万个机密信息(Secrets)以明文形式暴露在 JavaScript 文件中。 IT之家援引博文介绍,本次报告目标重点排查隐藏在 JavaScript 打包文件中的机密信息,扫描生成的纯文本报告超过 100MB,共计发现超过 ...