nope-validator Regular Expression Denial of Service vulnerability

Nope is a JavaScript validator. Versions 0.11.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service ReDoS. This vulnerability is fixed in 0.12.1...

GHSA-3PHV-83CJ-P8P7 nope-validator Regular Expression Denial of Service vulnerability

Nope is a JavaScript validator. Versions 0.11.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service ReDoS. This vulnerability is fixed in 0.12.1...

iOS Zero-Day Attacks: Experts Uncover Deeper Insights into Operation Triangulation

The TriangleDB implant used to target Apple iOS devices packs in at least four different modules to record microphone, extract iCloud Keychain, steal data from SQLite databases used by various apps, and estimate the victim's location. The new findings come from Kaspersky, which detailed the great...

The outstanding stealth of Operation Triangulation

Introduction In our previous blogpost on Triangulation, we discussed the details of TriangleDB, the main implant used in this campaign, its C2 protocol and the commands it can receive. We mentioned, among other things, that it is able to execute additional modules. We also mentioned that this...

SUSE CVE-2013-7451

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag...

Joyent Node.js validator security bypass vulnerability (CNVD-2016-02548)

Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability in Joyent Node.js validator allows remote attackers to bypass filters by submitting special input...