New timing-based vulnerabilities known as DoubleClickjacking, which exploit the gap between the start of a click and the end of the second click, have been discovered. Security researcher Paulos Yibelo said these vulnerabilities leverage a double-click sequence that can bypass all known clickjacking protections and facilitate account takeovers on almost all major websites. Preventative measures include keeping critical buttons disabled until a mouse gesture or key press is detected, as services like Dropbox already do.
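The preventative measure described above, as an added JavaScript example (not code from the article or the researcher): critical buttons start disabled and are enabled only after a genuine mouse movement or key press in the page. The `data-critical` attribute and the function name are assumptions made for this example.

```javascript
// Added example: keep sensitive buttons inert until the user has actually
// interacted with this page. Selector and names are assumptions.
const GESTURE_EVENTS = ['mousemove', 'keydown'];

function protectCriticalButtons(doc, selector = '[data-critical]') {
  const buttons = Array.from(doc.querySelectorAll(selector));

  // Start disabled: a click that lands the instant this page becomes
  // visible (the second half of a double-click) hits a dead button.
  buttons.forEach((button) => { button.disabled = true; });

  const enable = (event) => {
    // isTrusted is false for events synthesized by script via
    // dispatchEvent(), so only real user input unlocks the buttons.
    if (!event.isTrusted) return;
    buttons.forEach((button) => { button.disabled = false; });
    GESTURE_EVENTS.forEach((type) => doc.removeEventListener(type, enable));
  };

  GESTURE_EVENTS.forEach((type) => doc.addEventListener(type, enable));
  return buttons;
}

// Browser wiring: run as soon as the DOM is available.
if (typeof document !== 'undefined') {
  if (document.readyState === 'loading') {
    document.addEventListener('DOMContentLoaded',
      () => protectCriticalButtons(document));
  } else {
    protectCriticalButtons(document);
  }
}
```

Mark each sensitive control, for example an OAuth "Authorize" button, with `data-critical` and keep the server-side checks in place; the script only removes the window in which an unintended click can land.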

Sonatype reports rise in open source malware to 17,954
The 1Q 2025 Open Source Malware Index from Sonatype revealed that open source malware packages doubled compared to the same period last year, with 56%