Bleeping Computer

Backdoor in Popular JavaScript Library Set to Steal Cryptocurrency

A JavaScript library that scores over two million downloads every week has been injected with malicious code for stealing coins from a cryptocurrency wallet. The affected package is Event-Stream, ...
CSOonline

Critical flaw in OpenPGP.js raises alarms for encrypted email services

A newly discovered flaw in OpenPGP.js, a JavaScript cryptography library used by services like Proton Mail, could allow attackers to spoof messages that appear securely signed and encrypted, security ...