Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
GitHub

chainguard-sandbox/openssl-fips-test

This tool can only detect whether or not OpenSSL is properly configured: applications and languages must be built to make use of shared linked system libcrypto in order for the OpenSSL FIPS ...
InfoWorld

WinterTC: Write once, run anywhere (for real this time)

The unified JavaScript runtime standard is an idea whose time has come. Here’s an inside look at the movement for server-side JavaScript interoperability.
IEEE

VMPL-KMI: Protecting Kernel Module Integrity within Confidential VMs

Abstract: Confidential Virtual Machines (CVMs), such as AMD SEV, offer external protection but lack a privilege hierarchy, making them vulnerable to susceptible loadable kernel modules (LKMs).
GitHub

javascript-modules

A bundler for javascript and friends. Packs many modules into a few bundled assets. Code Splitting allows for loading parts of the application on demand. Through "loaders", modules can be CommonJs, ...