Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
thetechedvocate.org

How to enable JavaScript in browser

JavaScript is the heartbeat of the modern web. If you’ve ever felt frustrated by certain web pages that just don’t seem to work, the culprit might be that JavaScript is disabled in your browser. This ...
Tech Times

npm v12 Security Overhaul Blocks Install Scripts by Default: July Deadline for CI Migration

July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...
The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Cybersecurity researchers have flagged half a dozen vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers (Protobuf), that, if successfully exploited, could ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Red Hat hit by npm supply‑chain attack - here's how to stay safe ...
blockonomi

TrapDoor Malware Campaign Infiltrates Developer Supply Chains to Target Crypto and AI Projects

Cybersecurity company Socket identified a sophisticated malware operation dubbed “TrapDoor” that distributed 34 compromised packages throughout npm, PyPI, and Crates development platforms The ...
IEEE

Undefined-oriented Programming: Detecting and Chaining Prototype Pollution Gadgets in Node.js Template Engines for Malicious Consequences

Abstract: Prototype pollution is a type of recently-discovered, impactful vulnerability that affects JavaScript code. One important yet challenging research problem of prototype pollution is how to ...
heise online

Node.js: Four critical security gaps with maximum rating in vm2 closed

The vm2 sandbox of the open-source JavaScript runtime environment Node.js just can't escape the headlines, and the developers are now closing further “critical” security vulnerabilities. Once again, ...
Homeland Security Today

Supply Chain Compromise Impacts Axios Node Package Manager , CISA Alert Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert to provide guidance in response to the software supply chain compromise of the Axios node package manager (npm). 1 ...
LinkedIn

Why Node.js Is Still Popular in 2026

Node.js has been around since 2009, and yet in 2026 it remains one of the most widely deployed backend runtimes on the planet. That's not inertia — it's earned relevance. Here's why developers and ...
Windows Report

Hackers Breached Axios npm by Impersonating Companies and Hijacking Maintainer Access

A recent attack on the widely used JavaScript library Axios has exposed developers to a serious supply chain breach. The incident involved malicious packages that stayed live for hours and silently ...
Developer Tech

Axios npm attack causes JavaScript supply chain chaos

Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million weekly downloads. The North Korean state actor Sapphire Sleet compromised the ...