Could 2026 be the year of the beautiful back end? We explore the range of options for server-side JavaScript development, ...

Cybersecurity researchers have discovered a set of seven npm packages published by a single threat actor that leverages a cloaking service called Adspect to differentiate between real victims and ...

Newly discovered npm package 'fezbox' employs QR codes to retrieve cookie-stealing malware from the threat actor's server. The package, masquerading as a utility library, leverages this innovative ...

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on ...

In a supply chain attack, the trending npm package, @ctrl/tinycolor, was in the target. Dastardly versions steal secrets through TruffleHog scanning. The npm package ecosystem has been compromised by ...

What the Script: Supply chain attacks are traditionally designed to inflict maximum damage on structured organizations or companies. However, when such an attack compromises a supply chain that an ...

Largest cryptocurrency product seems to be unaffected by biggest "supply chain" hack in history So far, no cryptocurrency service has reported losses as a result of clipper malware being injected into ...

A trusted maintainer of JavaScript libraries was compromised, injecting 18 widely downloaded npm packages with malicious code. The code swaps transactions with similar-looking destination addresses.

A new cyberattack has put millions of crypto users on alert after hackers slipped malicious code into NPM, the software registry that powers thousands of apps and websites, including many tied to ...

A large-scale supply chain attack on the JavaScript ecosystem has prompted an urgent warning from Ledger’s chief technology officer, Charles Guillemet, who advised users without hardware wallets to ...