Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
Opinion
HackadayOpinion

This Week In Security: Ubiquiti Fixes, And FreeBSD Joins The Club You Don’t Want To Join

Ubiquiti released a new security bulletin detailing fixes for six security issues, including one rated 9.1 (critical) and one scoring a perfect 10.0 on the CVE risk scale. The vulnerabilities ...
decrypt

What Is an AI Prompt Injection Attack? The Hidden Threat Hijacking Your Chatbots

Add Decrypt as your preferred source to see more of our stories on Google. Prompt injection is the number one security risk for AI applications. The attack works by tricking a chatbot into following ...

Web browsers can spy on information via SSD access times

IT researchers have demonstrated a side-channel attack called "FROST" where browsers can spy on user behavior via SSD access times.