The Hacker News

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

Over 1,700 malicious packages since Jan 2025 fuel cross-ecosystem supply chain attacks, enabling espionage and financial ...
GitHub

abrauner/webtrees_sso_jwt-auth

This module runs as PSR-15 middleware on every HTTP request. It extracts a JWT token from the Authorization header or a cookie, validates the signature and claims, looks up the webtrees user by the ...
GitHub

apache_superset_cookie_sig_rce.rb

Apache Superset versions <= 2.0.0 utilize Flask with a known default secret key which is used to sign HTTP cookies. These cookies can therefore be forged. If a user is able to login to the site, they ...