Stolen and leaked credentials lead to Node.js packages from AsyncAPI and Jscrambler Code Integrity being poisoned with ...
Five malicious versions of AsyncAPI packages were published to the Node Package Manager (npm) in a supply-chain attack that ...
JFrog finds 148 npm proxy packages turned student browsers into a DDoS botnet, while a mutable loader lets operators re-arm ...
A SimpleHelp authentication flaw is being exploited to deploy Djinn Stealer, a cross-platform malware targeting cloud, developer, and AI credentials. A critical flaw in SimpleHelp, remote-access ...
An unknown threat actor has been observed exploiting a recently disclosed maximum-severity security flaw in SimpleHelp to deliver two previously unreported malware families, TaskWeaver and Djinn ...
The Miasma malware campaign has claimed another victim, poisoning more than 20 versions of legitimate npm packages used by the Leo Platform and RStreams ecosystems as its operators continue refining ...
From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet
June 19, 2026 update: Microsoft assesses with high confidence that this activity is attributable to Sapphire Sleet, a North Korean state actor that primarily targets the financial sector. The ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results