JQuery | Breaking Cybersecurity News | The Hacker News

Drupal, the popular open-source content management system, has released security updates to address multiple "moderately critical" vulnerabilities in Drupal Core that could allow remote attackers to compromise the security of hundreds of thousands of websites. According to the advisories published today by the Drupal developers, all security vulnerabilities Drupal patched this month reside in third-party libraries that are included in Drupal 8.6, Drupal 8.5 or earlier and Drupal 7. One of the security flaws is a cross-site scripting (XSS) vulnerability that resides in a third-party plugin, called JQuery, the most popular JavaScript library that is being used by millions of websites and also comes pre-integrated in Drupal Core. Last week, JQuery released its latest version jQuery 3.4.0 to patch the reported vulnerability, which has not yet assigned a CVE number, that affects all prior versions of the library to that date. "jQuery 3.4.0 includes a fix for som

The official blog of jQuery—most popular JavaScript library used by millions of websites—has been hacked by some unknown hackers, using the pseudonym "str0ng" and "n3tr1x." jQuery's blog website ( blog.jquery.com ) runs on WordPress—the world's most popular content management system (CMS) used by millions of websites. While there is no evidence yet if the server (code.jquery.com) that host jQuery file was also compromised, The Hacker News took a screenshot (as shown above) and can confirm that the hackers merely published a simple blog post to deface the website. The defaced blog post URL — https://blog.jquery.com/2017/10/26/hacked/ (now removed). Since the above-mentioned blog post was published under the name of Leah Silber, a core member of jQuery team, it seems hackers were able to make their post live by compromising Silber's account—probably by reusing her password leaked in a previous data breach. If not, the hackers might have gained

The official website of the popular cross-platform JavaScript library jQuery (jquery.com) has been compromised and redirecting its visitors to a third-party website hosting the RIG exploit kit , in order to distribute information-stealing malware. JQuery is a free and open source JavaScript library designed to simplify the client-side scripting of HTML. It is used to build AJAX applications and other dynamic content easily. The popular JavaScript library is used by 30 percent of websites, including 70 percent of the top 10,000 most visited websites. James Pleger , Director of Research at Risk management software company RiskIQ , reported yesterday that the attack against jQuery.com web servers launched for a short period of time on the afternoon of September 18th. So, the users who visited the website on September 18th may have infected their system with data-stealing malware by redirecting users to the website hosting RIG. Pleger urged those who visited the site durin

Early in 2024, Wing Security released its State of SaaS Security report , offering surprising insights into emerging threats and best practices in the SaaS domain. Now, halfway through the year, several SaaS threat predictions from the report have already proven accurate. Fortunately, SaaS Security Posture Management (SSPM) solutions have prioritized mitigation capabilities to address many of these issues, ensuring security teams have the necessary tools to face these challenges head-on. In this article, we will revisit our predictions from earlier in the year, showcase real-world examples of these threats in action, and offer practical tips and best practices to help you prevent such incidents in the future. It's also worth noting the overall trend of an increasing frequency of breaches in today's dynamic SaaS landscape, leading organizations to demand timely threat alerts as a vital capability. Industry regulations with upcoming compliance deadlines are demanding similar time-sens