North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT ...
Version 2.7 of the runtime for JavaScript and TypeScript stabilizes the Temporal API, introduces npm overrides, and ...
The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, ...
A malicious NPM package, ambar-src, mimicking a popular JavaScript framework, was downloaded nearly 50,000 times in a few ...
Four rogue NuGet packages and one npm package stole ASP.NET Identity data, deployed C2 backdoors, and reached over 50,000 ...
Discover 8 best online JavaScript compilers to practice code instantly. Compare features, speed, and ease of use. Start ...
Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a dormant wipe mechanism.
Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a ...
For those unfamiliar with Operation Dream Job, it is an ongoing campaign created by North Korean state-sponsored hackers. They create fake job ads on LinkedIn and other platforms and offer enticing ...
Security researchers at Aikido on Sunday uncovered an apparently new Shai Hulud variant, uploaded to npm through a GitHub repository called @vietmoney/react-big-calendar. Shai Hulud is the moniker for ...
What Happened in the Shai Hulud JavaScript Attack? A major JavaScript supply-chain attack has compromised more than 400 NPM packages — including at least 10 widely used across the crypto ecosystem — ...
Shai-Hulud is the worst-ever npm JavaScript attack. This software supply chain worm attack is still ongoing. Here are some ways you can prevent such attacks. For those of you who aren't Dune fans, ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results