Modern JavaScript teams do not just need more vulnerability reports. They need dependency decisions that developers can ...
PhantomEnigma uses more than 20 hijacked Brazilian government sites and compromised mailboxes to deliver a modular Node.js ...
Five malicious versions of AsyncAPI packages were published to the Node Package Manager (npm) in a supply-chain attack that ...
Stolen and leaked credentials lead to Node.js packages from AsyncAPI and Jscrambler Code Integrity being poisoned with ...
Attackers have been targeting hotels and other hospitality organizations with a phishing campaign that uses malicious zip files purporting to include guest photos, with the aim of installing malware ...
In a photo taken on June 14, 2018, students wearing Korean People's Army (KPA) uniforms sit before computer screens as they attend a class at the Mangyongdae Revolutionary School outside Pyongyang.
Follow ZDNET: Add us as a preferred source on Google. Red Hat was the victim of an npm security breach. The company has removed the affected packages. Check whether you use @redhat-cloud-services npm ...
@asyncapi/generator-helpers@1.1.1 @asyncapi/generator-components@0.7.1 @asyncapi/generator@3.3.1 @asyncapi/specs(v6.11.2, v6.11.2-alpha.1) "The compromised packages deploy an obfuscated first-stage ...
From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet
June 19, 2026 update: Microsoft assesses with high confidence that this activity is attributable to Sapphire Sleet, a North Korean state actor that primarily targets the financial sector. The ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results