Upwind traces multiple compromised AsyncAPI npm packages to a coordinated supply chain attack targeting software release pipelines and publishing identities.
Malicious Jscrambler NPM package versions distributed a cross-platform credential stealer in a new supply chain attack.
JFrog finds 148 npm proxy packages turned student browsers into a DDoS botnet, while a mutable loader lets operators re-arm ...
Crypto scams are becoming increasingly prevalent, drawing widespread attention. In fact, more than three breaches occurred in ...
Malicious jscrambler 8.14.0 runs hidden binaries during npm install on Windows, macOS, and Linux, with no fix available as of ...
Software supply chain attacks have become more common, with attackers increasingly targeting trusted developer tools instead ...
TypeScript 7.0 became stable on July 8, 2026 — and for most of the tens of millions of professional web developers who depend on it daily, a single npm install -D typescript command now cuts build ...
Security researchers caught hackers trying to plant a backdoor inside the Injective npm package — a widely used tool in ...
Socket found a compromised Injective npm package stealing wallet keys amid rising crypto supply chain attacks.
According to Socket, malicious payment SDK packages on npm and PyPI are harvesting developer credentials and CI/CD ...
Microsoft says TypeScript 7, announced July 8, brings native Go performance to VS Code, Visual Studio and other editors.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results