Researchers at Zscaler ThreatLabz have found three malicious Bitcoin npm packages that are meant to implant malware named ...
A jsPDF vulnerability tracked as CVE-2025-68428 could allow attackers to read arbitrary files, exposing configurations and ...
Security researchers found 3 npm packages that installed NodeCordRAT malware, stealing browser data, crypto wallet secrets & ...
A critical CVSS 9.2 flaw in AdonisJS bodyparser lets attackers write arbitrary files via path traversal when uploads are ...
Hackers behind the Shai Hulud malicious npm JavaScript campaign are likely testing a new variant of the malware. Security ...
Shai Hulud is a malware campaign first observed in September targeting the JavaScript ecosystem that focuses on supply chain compromise rather than traditional endpoint infection, using trojanized ...
The Indian Computer Emergency Response Team (CERT-In) has issued an advisory, noting the risk of a cyber threat campaign specifically targeting JavaScript’s node package manager (npm) ecosystem. The ...
Microsoft-owned repository GitHub has responded to recent node package manager (npm) attacks such as the Shai-Hulud self-replicating worm, attempting to restore trust in the open-source ecosystem.
An apparent "Dune" aficionado is responsible for perpetrating the first self-propagating attack on the npm JavaScript repository in what a security company has described as being one of the most ...
Hundreds of compromised NPM packages have already been found, and the list continues to grow as a major supply chain attack spreads malware. Developers are urged to be extremely cautious after hackers ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback