Learn how the JFrog Security research team discovered and disclosed CVE-2025-11953 which poses a threat to developers using the popular React Native CLI.
Malicious Go and PyPI packages use Gmail and wget to exfiltrate data, wipe Linux disks, and hijack crypto credentials.
Ripple’s xrpl.js npm package backdoored on April 21, exposing 135K users’ private keys to attackers.
The Data Protection Commission has fined Meta $101M because 600 million Facebook and Instagram passwords were stored in plaintext.
he Go vulnerability database, https://vuln.go.dev, which provides a comprehensive source of information about known vulnerabilities in public Go modules. You can browse
GitHub will start requiring active developers to enable two-factor authentication (2FA) on their accounts beginning next week, on March 13.
