Hackers compromised the Injective Labs SDK project's GitHub repository and used it to publish a malicious package on the Node ...
The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
Malicious jscrambler 8.14.0 runs hidden binaries during npm install on Windows, macOS, and Linux, with no fix available as of ...
JavaScript engineering teams have a shrinking window to prepare: npm v12, the package manager's most significant security redesign in its 16-year history, is expected to reach final release before the ...
In a photo taken on June 14, 2018, students wearing Korean People's Army (KPA) uniforms sit before computer screens as they attend a class at the Mangyongdae Revolutionary School outside Pyongyang.
North Korean threat actors are escalating the PolinRider supply chain attack across Go, Packagist, and npm package ...
Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. This attribution ...
The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp.
The Miasma malware campaign has claimed another victim, poisoning more than 20 versions of legitimate npm packages used by the Leo Platform and RStreams ecosystems as its operators continue refining ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results