Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
GitHub

pdf-sdk

ComPDF SDK for Android — a full-featured PDF library offering comprehensive code samples and integration guides. Build robust PDF viewers and editors on Android with support for document viewing, ...
GitHub

J1ezds/Vulnerability-Wiki-page

这是一个每天同步Vulnerability-Wiki中docs-base中内容的项目. Contribute to J1ezds/Vulnerability-Wiki-page development by creating an account on GitHub.
The Hacker News

ThreatsDay Bulletin: OpenSSL RCE, Foxit 0-Days, Copilot Leak, AI Password Flaws & 20+ Stories

The cyber threat space doesn’t pause, and this week makes that clear. New risks, new tactics, and new security gaps are showing up across platforms, tools, and industries — often all at the same time.