Researchers found a critical vulnerability in Node.js’s CI infrastructure that allowed code execution on Jenkins agents, creating a risk of supply chain attacks. By exploiting a time-of-check to time-of-use (TOCTOU) flaw, attackers could bypass security checks, potentially compromising millions of users. Node.js responded promptly by securing access to Jenkins, enhancing security measures, and ensuring rigorous audits, a response that underscores the need for robust security across multi-platform CI/CD pipelines.

Cybercriminals Deceive Tenants into Redirecting Rent Payments to Fraudulent Accounts
Cybercriminals, identified as TA2900, are running sophisticated business email compromise (BEC) campaigns targeting tenants, mainly in France and Canada. They manipulate victims into redirecting rent payments by