Stolen and leaked credentials lead to Node.js packages from AsyncAPI and Jscrambler Code Integrity being poisoned with ...
A newly-disclosed exploit in Claude Code’s ‘auto-mode’ leaves developers facing remote code execution (RCE) vulnerabilities ...
North Korea-linked hackers have upgraded the InvisibleFerret malware to bypass script-based security tools, converting its Python code into compiled modules that are harder for defenders to inspect ...
A hacker used Ostium's own price-reporting infrastructure against the protocol, submitting falsified future-dated oracle data to manufacture fake trading profits and trigger an $18 million payout.
The Jscrambler client-side web security company disclosed that a threat actor published a malicious version of its npm ...
Security researchers caught hackers trying to plant a backdoor inside the Injective npm package — a widely used tool in ...
A popular artificial intelligence (AI) coding tool can be exploited in just two clicks, allowing attackers to install permission-rich model context protocol (MCP) servers on privileged developers' ...
JFrog finds 148 npm proxy packages turned student browsers into a DDoS botnet, while a mutable loader lets operators re-arm ...
Five malicious versions of AsyncAPI packages were published to the Node Package Manager (npm) in a supply-chain attack that ...
Upwind traces multiple compromised AsyncAPI npm packages to a coordinated supply chain attack targeting software release pipelines and publishing identities.
Malicious Jscrambler NPM package versions distributed a cross-platform credential stealer in a new supply chain attack.
Socket found a compromised Injective npm package stealing wallet keys amid rising crypto supply chain attacks.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results