A critical security vulnerability has been discovered in the widely-used sha.js npm package, exposing millions of applications to sophisticated hash manipulation attacks that could compromise cryptographic operations and enable unauthorized access to sensitive systems. The vulnerability, designated CVE-2025-9288, affects all versions up to 2.4.11 of the library, which has accumulated over 14 million downloads across […] The post 14 Million-Download SHA JavaScript Library Exposes Users to Hash Manipulation Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/14-million-download-sha-javascript-library-exposes/
