Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
Abstract: Web development companies and developers can choose a variety of technology stacks to build Web applications. In the early days of network development, different technologies were used for ...
North Korean threat actors are escalating the PolinRider supply chain attack across Go, Packagist, and npm package ...
A SimpleHelp authentication flaw is being exploited to deploy Djinn Stealer, a cross-platform malware targeting cloud, ...
A threat actor has been exploiting CVE-2026-48558, a critical SimpleHelp vulnerability, to drop TaskWeaver and Djinn Stealer ...
Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...
Microsoft says hotel phishing emails are using Calendly links and photo ZIP files to drop the TonRAT Node.js implant on front ...
A new backdoor dubbed Mistic has been observed in financially motivated attacks targeting organizations in the insurance, ...
A malicious dependency the attackers added to over 140 Mastra packages fetches a payload targeting cryptocurrency extensions. The North Korean state-sponsored threat actor Sapphire Sleet is behind the ...
Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...
Feel free to file issues or ask questions on our issue tracker, and we welcome code contributions - see Contributing for information. The Node.js development workload is available as part of Visual ...
Node.js has released updates to fix what it described as a critical security issue impacting "virtually every production Node.js app" that, if successfully exploited, could trigger a denial-of-service ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results