News

Massive npm hack poisons 18 packages with billions of downloads

Npm packages are reusable blocks of JavaScript code published to the Node Package Manager registry that developers can ...
HUB3y

Computer scientist identifies JavaScript vulnerability in thousands of websites

Millions of developers use JavaScript to build websites and mobile apps, making it one of the most popular programming languages in the world. But according to Johns Hopkins researchers, thousands of ...
Krebs on Security2d

18 Popular Code Packages Hacked, Rigged to Steal Crypto

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...
Crypto News2d

“Avoid On-Chain Transactions”: Ledger CTO Issues Urgent Warning After JavaScript Attack

A JavaScript supply chain attack has delivered a crypto-clipper via 18 npm packages; Ledger’s CTO has warned ...
Bleeping Computer2y

Exploit available for critical bug in VM2 JavaScript sandbox library

Proof-of-concept exploit code has been released for a recently disclosed critical vulnerability in the popular VM2 library, a JavaScript sandbox that is used by multiple software to run code securely ...
Bleeping Computer3y

Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps

Users of popular open-source libraries 'colors' and 'faker' were left stunned after they saw their applications, using these libraries, printing gibberish data and breaking. Some surmised if the NPM ...