Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

Microsoft Threat Intelligence has uncovered an active supply chain attack involving malicious npm packages registered under organizational scopes that mirror real internal corporate namespaces, ...

Web browsers can spy on information via SSD access times

IT researchers have demonstrated a side-channel attack called "FROST" where browsers can spy on user behavior via SSD access times.