GitHub has disclosed two incidents in the NPM package repository infrastructure. On November 2, third-party security researchers ( Kajetan Grzybowski and Maciej Piechota ) as part of the Bug Bounty program announced a vulnerability in the NPM repository that allows you to publish a new version of any package using your account, which is not authorized to perform such updates. […]

Google has rolled out its monthly security patches for Android with fixes for 39 flaws, including a zero-day vulnerability that it said is being actively exploited in the wild in limited, targeted attacks. Tracked as CVE-2021-1048, the zero-day bug is described as a use-after-free vulnerability in the kernel that can be exploited for […]