Shai Hulud is a malware campaign first observed in September targeting the JavaScript ecosystem that focuses on supply chain ...

Malicious npm package posing as a WhatsApp Web API library operated for months as a functional dependency while stealing ...

WhatsApp Web users are at risk from a malicious software package that can secretly spy on accounts, potentially giving hackers long-term access.

Security analysts have uncovered a large-scale phishing operation utilising 175 npm packages as infrastructure to redirect victims to credential-harvesting sites. The packages, collectively downloaded ...

Morocco officially inaugurated today the permanent secretariat of the African Network of National Preventive Mechanisms at the headquarters of the National Human Rights Council (CNDH), marking a major ...

The Tea Protocol was founded by Max Howell, who created open source package manager Homebrew, and Lewis, who established ...

Popular blockchain network Solana (SOL) has been under what has been identified as the fourth-largest distributed ...

Cerity’s $10 million stake gives its advisors a front-row role in NPM-run liquidity programs, with planning support tied to employee tender proceeds.

North Korea's 'Contagious Interview' campaign to target job seekers has expanded yet again, this time with a persistent npm package-poisoning game that runs like a well-oiled machine. Threat actors ...

A new malware campaign built around seven npm packages has been uncovered by cybersecurity experts. The campaign, observed by the Socket Threat Research Team, is operated by a threat actor known as ...

If you needed another reminder that our software supply chains are only as strong as their smallest link, the JavaScript ecosystem delivered it. In early September, attackers phished the NPM account ...