Binance Wallet confirmed in an official post that the recent supply chain attack affecting multiple JavaScript packages did not affect its systems, and all customer data and assets were safe. It is reported that the attacked JavaScript packages are downloaded more than 2 billion times a week. Binance stressed that this incident is another reminder of the importance of supply chain security, and said that security remains its top priority.
Ledger's chief technology officer has warned that the JavaScript ecosystem may be facing a "massive" crypto hack and advised users to avoid on-chain transactions for now.
The XRP Ledger Foundation said the latest version of the XRPL JavaScript library used to build applications had a potential vulnerability and urged affected projects to update to patched versions of the code. The issue was discovered by Charlie Eriksen, a malware researcher at Aikido Security, who said the "backdoor" could lead to a "potentially catastrophic" supply chain attack.
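In a new campaign, the Socket research team found that the North Korean hacking group Lazarus is linked to six new malicious npm packages that attempt to deploy backdoors to steal user credentials. The malware can also extract cryptocurrency data and steal sensitive information from Solana and Exodus crypto wallets. The attack mainly targets files of the Google Chrome, Brave and Firefox browsers as well as macOS keychain data, and is designed to trick developers into unknowingly installing the malicious packages.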
Trilitech, the developer of the Tezos blockchain, has announced the launch of Jstz, a smart rollup powered by JavaScript. The Layer 2 rollup, which the team says will be built on Tezos, will allow developers to work with JavaScript and its vast resources. What sets Jstz apart is that it is designed around a standard JavaScript API, enabling developers to use the ecosystem of JavaScript tools and libraries.