Security Boulevard

Carelessness versus craftsmanship in cryptography

Two popular AES libraries, aes-js and pyaes, “helpfully” provide a default IV in their AES-CTR API, leading to a large number of key/IV reuse bugs. These bugs potentially affect thousands of ...

North Korean job scammers target JavaScript and Python developers with fake interview tasks spreading malware

For those unfamiliar with Operation Dream Job, it is an ongoing campaign created by North Korean state-sponsored hackers.