Shai Hulud is a malware campaign first observed in September targeting the JavaScript ecosystem that focuses on supply chain ...

Malicious npm package posing as a WhatsApp Web API library operated for months as a functional dependency while stealing ...

You’ve spent weeks, maybe months, crafting your dream Electron app. The UI looks clean, the features work flawlessly, and you finally hit that Build button. Excited, you send the installer to your ...

Learn why modern SaaS platforms are adopting passwordless authentication to improve security, user experience, and reduce breach risks.

The new self-replicating worm iteration has destructive capabilities, erasing home directory contents if it cannot spread to more repositories. Approximately 640 NPM packages have been infected with a ...

Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign. The malicious ...

Artur is a copywriter and SEO specialist, as well as a small business owner. In his free time, he loves to play computer games and is glad that he was able to connect his professional career with his ...

Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appears to be created with the help of artificial intelligence – in ...

Attackers have poisoned a code package on the npm registry in a novel way, hiding credential-stealing malware in steganographic QR codes embedded in a package purporting to offer a JavaScript utility.

A malicious npm package named Fezbox has been found using an unusual technique to conceal harmful code. The package employs a QR code as part of its obfuscation strategy, ultimately aiming to steal ...

Newly discovered npm package 'fezbox' employs QR codes to retrieve cookie-stealing malware from the threat actor's server. The package, masquerading as a utility library, leverages this innovative ...