Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...

Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million ...

NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by bitcoin wallets. A major NPM developer, qix, has had their account compromised.

'This is unironically a malware nuclear missile.' ...

Two malicious Axios npm releases have prompted warnings for developers to rotate credentials and treat affected systems as ...

ThreatDown’s EDR team discovered a sophisticated, multi-stage attack chain during an active investigation; the first documented case of attackers abusing the Deno runtime as a malware execution ...

AI-generated computer code is rife with references to nonexistent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages ...

Security firm Trend Micro has discovered an attack on home routers that involves malicious JavaScript, a mobile website, and a mobile device such as a smartphone. This attack has been taking place ...

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

Software developers have embraced “artificial intelligence” language models for code generation in a big way, with huge gains in productivity but also some predictably dubious developments. It’s no ...

The notification arrived on September 14, 2025, at 17:58 UTC. Somewhere in the sprawling npm registry—home to 2.5 million JavaScript packages that power everything from banking apps to smart ...

Researchers have devised a new attack that can bypass one of the main exploit mitigations in browsers: Address space layout randomization (ASLR). The attack takes advantage of how modern processors ...