Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering an off-the-shelf malware called MonsterV2 via phishing campaigns. The ...
Chainguard, a trusted foundation for software development and deployment, is launching Chainguard Libraries for JavaScript, a collection of trusted builds of thousands of common JavaScript ...
The risk in the JavaScript ecosystem isn't theoretical: earlier this month, a number of packages used by millions of developers were compromised via malicious code. These malware attacks against ...
The notification arrived on September 14, 2025, at 17:58 UTC. Somewhere in the sprawling npm registry—home to 2.5 million JavaScript packages that power everything from banking apps to smart ...
Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to be the world’s biggest supply-chain attack ever. “Sorry everyone, I should ...
In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after compromising a maintainer's account in a phishing attack. In the emails, the ...
The breach hit core JavaScript libraries such as chalk and strip-ansi, downloaded billions of times each week, raising alarms over the security of open-source software. Hackers have compromised widely ...
NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by bitcoin wallets. A major NPM developer, qix, has had their account compromised.
At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback