Microsoft reports an active cyber campaign targeting hotels in Europe and Asia using fake photo ZIPs, PowerShell malware, and Node.js implants with evolving evasion tactics. Microsoft ...
From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet
A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
JavaScript is the heartbeat of the modern web. If you’ve ever felt frustrated by certain web pages that just don’t seem to work, the culprit might be that JavaScript is disabled in your browser. This ...
GitHub's npm package manager will ship its most significant security redesign in years this July, when npm v12 makes three long-automatic install behaviors require ...
Cybersecurity researchers have flagged half a dozen vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers (Protobuf), that, if successfully exploited, could ...
Red Hat hit by npm supply‑chain attack - here's how to stay safe ...
Socket says a campaign of malicious packages is aiming to steal crypto and is injecting hidden instructions that hijack popular AI coding assistants. An active supply chain attack is targeting crypto ...
Abstract: Prototype pollution is a type of recently-discovered, impactful vulnerability that affects JavaScript code. One important yet challenging research problem of prototype pollution is how to ...
The vm2 sandbox of the open-source JavaScript runtime environment Node.js just can't escape the headlines, and the developers are now closing further “critical” security vulnerabilities. Once again, ...
A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the security risks of hallucinated dependencies. Attackers too are looking to cash ...
Node.js has been around since 2009, and yet in 2026 it remains one of the most widely deployed backend runtimes on the planet. That's not inertia — it's earned relevance. Here's why developers and ...
A recent attack on the widely used JavaScript library Axios has exposed developers to a serious supply chain breach. The incident involved malicious packages that stayed live for hours and silently ...