Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
The Hacker News

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

WebRTC skimmer exploits PolyShell flaw since March 19, hitting 56.7% stores, enabling stealth data theft bypassing CSP.
Barron's

Ho Chi Minh City Development JS Commercial Bank

Ho Chi Minh City Development Joint Stock Commercial Bank engages in the provision of commercial banking services. It offers savings, deposit, money transfer, e-banking, credit, export sponsor, working ...

File read flaw in Smart Slider plugin impacts 500K WordPress sites

A vulnerability in the Smart Slider 3 WordPress plugin, active on more than 800,000 websites, can be exploited to allow subscriber-level users access to arbitrary files on the server.
Visual Studio Magazine

BFF and SPAs: Best Friends Forever

Christian Wenz explains why the Backends for Frontends (BFF) pattern is emerging as a more secure authentication model for single-page applications.