Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel ...

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...

Oracle has released JDK (Java Development Kit) 25, the first long term support (LTS) version since JDK 21 two years ago. New ...

RevengeHotels used AI-generated phishing scripts to deploy Venom RAT in Brazil hotels in 2025, stealing travelers’ credit ...

An apparent "Dune" aficionado is responsible for the first self-propagating attack on the npm JavaScript repository in what one security company has ...

Bill is expected to make it a crime to intimidate or obstruct someone at a place of worship, school, or community centre, ...

The bundle.js script is designed to steal npm, GitHub, AWS and GCP tokens. But it also installs TruffleHog – an open source ...

Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...

Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated ...

Zighra is a leading provider of On-Device AI solutions for continuous authentication and fraud detection on mobile and web applications. Brighterion solutions stop payment and acquirer fraud, reduce ...

"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...

Halud, is compromising hundreds of NPM packages, spreading self-replicating malware, exfiltrating data, and turning private ...