Upwind traces multiple compromised AsyncAPI npm packages to a coordinated supply chain attack targeting software release pipelines and publishing identities.
Malicious Jscrambler NPM package versions distributed a cross-platform credential stealer in a new supply chain attack.
JFrog finds 148 npm proxy packages turned student browsers into a DDoS botnet, while a mutable loader lets operators re-arm ...
Crypto scams are becoming increasingly prevalent, drawing widespread attention. In fact, more than three breaches occurred in ...
Malicious jscrambler 8.14.0 runs hidden binaries during npm install on Windows, macOS, and Linux, with no fix available as of ...
Proton VPN just dropped its first official app on the Linux Snap Store. While it boasts easy one-click installation and a ...
Software supply chain attacks have become more common, with attackers increasingly targeting trusted developer tools instead ...
TypeScript 7.0 became stable on July 8, 2026 — and for most of the tens of millions of professional web developers who depend on it daily, a single npm install -D typescript command now cuts build ...
Security researchers caught hackers trying to plant a backdoor inside the Injective npm package — a widely used tool in ...
Hackers compromised the Injective Labs SDK project's GitHub repository and used it to publish a malicious package on the Node ...
Socket found a compromised Injective npm package stealing wallet keys amid rising crypto supply chain attacks.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results