The typosquatted packages auto-execute on installation, fingerprint victims by IP, and deploy a PyInstaller binary to harvest ...

Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component ...

An advanced malware campaign on the npm registry steals the very keys that control enterprise cloud infrastructure.

Recently, security researchers Socket found 10 packages on npm targeting software developers, specifically those who use the ...

Ten typosquatted npm packages (Jul 4, 2025) delivered a 24MB PyInstaller info stealer using 4 obfuscation layers; ~9,900 ...

Version 1.3 of the Bun JavaScript runtime and toolkit has landed, pushing forward the project's goal to consolidate fragmented JavaScript toolchains into a single solution. Yet the rapid expansion has ...

Steak 'n Shake plans to install the "tallest and biggest American flag" at all of its locations. The restaurant chain's owner, Sardar Biglari, has aligned the brand with conservative values and ...

Recently, there were reports of the tinycolor npm package, which is a widely used color manipulation library, being compromised as part of an attack affecting over 40 packages. This was already a ...

What the Script: Supply chain attacks are traditionally designed to inflict maximum damage on structured organizations or companies. However, when such an attack compromises a supply chain that an ...

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...