TechJuice

Hackers Exploit npm Supply Chain to Gain AWS Admin Access

Hackers exploited a compromised npm package to breach cloud systems and gain full AWS administrator access within 72 hours.
The Hacker News

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

Two critical n8n flaws (CVSS 9.4, 9.5) enable RCE via expression sandbox escape and public forms, risking credential exposure ...

New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.
Cybernews

Who owns your Chrome extension? Researchers warn side projects are being turned into malware

Many Chrome extensions start as small developer projects, and once they gain users, are sold on. But what if the new owner turns out to be a bad actor who gains the ability to update software running ...