A new strain of the Shai Hulud worm is discovered by researchers, signaling the self-propagating supply chain threat ...

As a worm spread through hundreds of npm packages in 2025, it didn't exploit a vulnerability – it exploited the architecture.

Researchers uncovered 27 malicious npm packages used over five months to host phishing pages that steal credentials from ...

Security topics take the top spots by a clear margin: in software development, it's supply chain incidents that make life ...

JavaScript creator says rushed web UX causes bloat and points to WebView2/Electron as Windows 11’s bigger problem.

If you are one of the 1.2 billion registered users of the LinkedIn professional social network platform, pay attention to ...

The malicious fork, named ‘lotusbail’ has all the same functionality as the legitimate project, but it also steals WhatsApp authentication tokens and session keys. Furthermore, it intercepts and ...

Shai Hulud is a malware campaign first observed in September targeting the JavaScript ecosystem that focuses on supply chain ...

What Happened in the Shai Hulud JavaScript Attack? A major JavaScript supply-chain attack has compromised more than 400 NPM packages — including at least 10 widely used across the crypto ecosystem — ...

A new Shai-Hulud supply chain attack has hit nearly 500 npm packages with a total of 132 million monthly downloads. The latest campaign follows one in September that infected nearly 200 npm packages ...

Malicious code continues to be uploaded to open source repositories, making it a challenge for responsible developers to trust what’s there, and for CISOs to trust applications that include open ...

As poisoned software continues to pop up across the industry, some threat actors have found a way to hide malicious code in npm packages and avoid detection from most security tools. In an blog post ...