Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...
IEEE

Privacy-Accountable Distributed Collaborative Authentication for Malicious Node Resistance in Vehicular Ad Hoc Networks

Abstract: In vehicular ad hoc networks (VANETs), distributed identity authentication provides the foundation for securing sessions among entities over wireless channels while eliminating single points ...
The Hacker News

Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls

Fortinet has officially confirmed that it's working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls.
GitHub

db-mcp (SQLite MCP Server)

(none) Tool read_query Whitelist Mode: Enable ONLY this tool + Group +vector Add tools from this group to current set -Group-admin Remove tools in this group from current set ...
Bleeping Computer

Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
GitHub

Comprehensive SQLite performance benchmarking suite testing PRAGMA settings, WAL mode optimizations, and encryption performance across multiple Node.js versions.

Insert Operations: Synchronous OFF (Unsafe) on Node.js v20.19.5 (12,735 ops/sec) Select Operations: MMAP 256MB on Node.js v22.21.1 (17,413 ops/sec) Update Operations: Incremental Vacuum on Node.js v20 ...
IEEE

Semi-Trusted Edge Node-Assisted Batch Authentication and Key Agreement Scheme for IIoT

Abstract: In traditional industrial Internet of Things (IIoT) authentication and key agreement (AKA) schemes, users must establish one-to-one authentication with industrial devices via a trusted ...