It pays to be a forever student

Welcome to this week's edition of the Threat Source newsletter. If I haven't said it in a newsletter before, I'll say it now: If you want to be good at cybersecurity, be a forever student. Cultivating and feeding your desire to know how things work is one of the key ingredients to being a hacker...

PT-2026-23185

Name of the Vulnerable Software and Affected Versions TheBi versions through 1.0.5 Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, which can lead to Reflected Cross-Site Scripting XSS. This allows an attacker to inject malicious...

EUVD-2025-179553

Malicious code in cosmiconfig-fermiparadox-parsec-forever npm...

EUVD-2025-178868

Malicious code in forever-regulus-hyperion-commitizen npm...

EUVD-2025-178873

Malicious code in forever-cygnus-postcss-jwt npm...

EUVD-2025-178867

Malicious code in forever-webpack-whitedwarf-nextjs npm...

EUVD-2025-179866

Malicious code in cassini-socketio-concurrently-forever npm...

EUVD-2025-179994

Malicious code in bootstrap-forever-uranology-colors npm...

EUVD-2025-179315

Malicious code in despina-kastra-forever-supervisor npm...

EUVD-2025-179981

Malicious code in boson-forever-leda-pegasus npm...

EUVD-2025-177765

Malicious code in mongoose-wolf-deimos-forever npm...

EUVD-2025-177692

Malicious code in nconf-gemini-webdriver-mocha-forever npm...

EUVD-2025-176679

Malicious code in resolvers-forever-mongoose-multiverse npm...

EUVD-2025-178875

Malicious code in fomalhaut-restart-loglevel-forever npm...

EUVD-2025-178872

Malicious code in forever-cypress-public-package npm...

EUVD-2025-178871

Malicious code in forever-heka-polaris-elektra npm...

EUVD-2025-178870

Malicious code in forever-iota-callback-vulcan npm...

EUVD-2025-178866

Malicious code in forever-zephyr-pavo-slides npm...

EUVD-2025-178869

Malicious code in forever-npm-sociobiology-cassini npm...

EUVD-2025-177066

Malicious code in prettier-registry-forever-prettier-plugin-markdown npm...