[email protected] contains malware after npm account takeover

Impact On 8 September 2025, the npm publishing account for color-string was taken over after a phishing attack. Version 2.1.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's...

Trend Micro Deep Security 后置链接漏洞

Trend Micro Deep Security is a server deep security protection system client from Trend Micro. A security vulnerability exists in Trend Micro Deep Security version 20.0 that stems from a link following issue in the anti-malware component that could lead to elevated privileges...