The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other ...
Microsoft Defender Experts identified a coordinated developer-targeting campaign delivered through malicious repositories disguised as legitimate Next.js projects and technical assessment materials.
The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality of two of its malware programs, indicating that the hacking group is ...
A potential npm supply chain disaster was averted in record time after attackers took over a verified developer’s credentials. On September 8, Josh Junon, a developer with over 1800 GitHub ...
JSO is a simple and flexible OAuth javascript library to use in your web application or native mobile app. JSO is provided by UNINETT AS, a non-profit company working for educational and research ...
Maintainer Jordan Harband writes on Bluesky that attackers had taken over the account of another project manager. Versions 3.3.1 and 5.0.0 of the package are affected. Both versions were apparently ...
Popular JavaScript libraries were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft. The attacker(s) used stolen ...
Community driven content discussing all aspects of software development from DevOps to design patterns. Note, this article deals with client-side JavaScript. For a client and server-side JavaScript ...
Since October 2024, Microsoft Defender Experts (DEX) has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results