Security

2 posts

Posts tagged with Security

Major Security Flaw Discovered in Popular JWT Libraries

Critical vulnerability in the jsonwebtoken and jose libraries affects millions of applications. Attackers can bypass authentication by exploiting algorithm confusion attacks.

A critical security vulnerability has been discovered in two of the most widely used JWT libraries, jsonwebtoken (npm) and jose (npm), which are collectively downloaded over 50 million times per week. The flaw allows attackers to completely bypass authentication systems.

The Vulnerability Explained

The issue stems from algorithm confusion attacks, in which a malicious actor manipulates the JWT header so that the server verifies the token with a different signing algorithm than the one it was intended to use.

How it works:

  1. Application expects RS256 (RSA with SHA-256) and holds the RSA public key for verification
  2. Attacker modifies the token header to claim HS256 (HMAC with SHA-256)
  3. Attacker signs the token using that public key as the HMAC secret
  4. Server, trusting the header's algorithm, computes the HMAC with the same public key, so the forged token validates and unauthorized access is granted

Affected Versions

jsonwebtoken

Critical Vulnerability Found in Popular npm Package

Security researchers discover a backdoor in the 'node-ipc' package, which has over 1 million weekly downloads. An immediate update is recommended for all Node.js projects.

A critical security vulnerability has been discovered in the widely used npm package 'node-ipc', potentially affecting millions of JavaScript applications worldwide.

The Vulnerability

The malicious code, introduced in version 10.1.1, can:

  • Execute arbitrary commands on infected systems
  • Access environment variables and secrets
  • Establish backdoor connections to remote servers
💡 Over 1,200 popular packages depend on node-ipc, making this one of the most widespread npm security incidents to date.

Immediate Action Required

# Check if you're affected
npm list node-ipc

# Update to safe version
npm update [email protected]

How It Happened

The package maintainer's account was compromised through a
