Week 11 of the #Privacy Roundup is out. Featuring:

- Data broker bragging about having personal information of billions of people
- How the ESP32 #Bluetooth backdoor isn't a backdoor
- North Korean government APTs spreading #malware on #Google play, #npm
- An ICE OSINT Tool that can monitor 200+ websites of a target
- #Apple patching an exploited zero-day in WebKit
- #Microsoft Patch Tuesday, 6 exploited zero-days

... and more, of course.

#privacymatters #cybersecurity #cve

https://avoidthehack.com/privacy-week11-2025

North Korean #Lazarus hackers infect hundreds via #npm packages

https://www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-infect-hundreds-via-npm-packages/

#Development #Launches
SQL Noir · A game to learn SQL by solving crimes https://ilo.im/162ciw

_____
#OpenSource #Game #Database #SQL #MySQL #SQLite #PostgreSQL #Npm #WebDev #Backend

Just released Node Pebble version 5.1.1

• Updated to Pebble version 2.7.0.

• Now also supports macOS and arm64 (because Pebble itself does).

https://codeberg.org/small-tech/node-pebble

Node Pebble is a Node.js wrapper for Let’s Encrypt’s¹ Pebble² that:

• Downloads the correct Pebble binary for your platform.

• Launches and manages a single Pebble process.

• Returns a reference to the same process on future calls (safe to include in multiple unit tests where order of tests is undetermined)

• Automatically patches Node.js’s TLS module to accept Pebble server’s test certificate as well as its dynamically-generated root and intermediary CA certificates.

¹ https://letsencrypt.org

² “A miniature version of Boulder, Pebble is a small RFC 8555 ACME test server not suited for a production certificate authority.” https://github.com/letsencrypt/pebble

#Hackers despliegan paquetes #npm maliciosos para robar claves de billeteras #Solana por medio de #Gmail #SMTP
https://blogs.masterhacks.net/noticias/criptomonedas/hackers-despliegan-paquetes-npm-maliciosos-para-robar-claves-de-billetera-solana-a-traves-de-gmail-smtp/

#Snyk security researcher deploys malicious #NPM packages targeting Cursor(dot)com

https://sourcecodered.com/snyk-malicious-npm-package/

Malicious #npm packages target #Ethereum developers' private keys

https://www.bleepingcomputer.com/news/security/malicious-npm-packages-target-ethereum-developers-private-keys/

Malicious #Rspack, #Vant packages published using stolen #NPM tokens

https://www.bleepingcomputer.com/news/security/malicious-rspack-vant-packages-published-using-stolen-npm-tokens/

#ayuda fediverso
estoy tratando de instalar #nextcloud (en hetzner) detras de un #nginx proxy manager #npm

en "local" me va (accediendo con el nombre de maquina que tengo en #tailscale (vease primer pantallazo)

este es el #docker compose que he usado:
https://github.com/nickistre/nextcloud-s3-docker
(estoy tratando de utilizar #s3 (backblaze)

luego, para meterlo en nginx estoy basandome en esta documentacion:
https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#nginx-proxy-manager---npm

tambien he añadido los "allowed hosts" con: el nombre de la maquina (hostname), la ip publica de hetzner, y la ip de tailscale (vease segundo pantallazo) basandome en esta documentacion:
https://docs.nextcloud.com/server/18/admin_manual/installation/installation_wizard.html#trusted-domains

pero aun con esas modificaciones:
- no puedo acceder al servicio salvo que no sea con local hostname. no me va ni con ip de tailscale, ni ip publica:puerto de hetzner
- en nginx npm, por una parte no puedo solicitar certificado. de nuevo: he probado con local hostname, localhost, ip tailscale, ip publica
- certificado aparte, la redireccion en si tampoco va. he probado con todos los nombres / ips que dije antes. me salta directamente (tiempo de carga instantaneo) a no encontrado (vease tercer pantallazo)

resumiendo: como se instala nextcloud con s3 storage y nginx npm?

se agradece #boost

Deno 2.1 is out ️
️ first class Wasm support
️ Long Term Support branch
️ Improved dependency management
and much more!

https://deno.com/blog/v2.1

A threat actor published a playbook for exploiting #npm on a dark web forum, demonstrating how packages can be weaponized to build a blockchain-powered botnet. This rare inside look reveals the tools and techniques used in the latest supply chain attack.

https://socket.dev/blog/exploiting-npm-to-build-a-blockchain-powered-botnet #JavaScript

Deno is a JavaScript package manager with more flexibility:
️ npm and JSR
️ package.json and deno.json
️ fast

https://deno.com/blog/your-new-js-package-manager

Anyone got any experience with pnpm? Thoughts?
https://pnpm.io

Por casualidad hay alguien que haya abierto su puerto 443 en un router mikrotik para hacer sus certificados con #npm

Quiero hacer una cosa con alexa y #homeassistant y es uno de los requisitos, exponer dicho puerto.

Tengo y uso el domino que te da mikrotik (el que tiene un nombre raro) pero no sé usarlo para crear el certificado nginx proxy manager.

Se agradece cualquier ayuda

Aaa! Yesterday, I published a new TypeScript library!!

It's an API Wrapper for the PiShock API!

https://www.npmjs.com/package/pishock-ts

It's also fully open source, and has proper error handling!

Roblox Developers Under Attack & More

#ThreatWire #Chromium #NPM

https://www.youtube.com/watch?v=6SAxzHCBOQ8