Bad actors using typo-squatting place 39 malicious packages in npm that went undetected for two weeks. How should the open source community respond? Software development relies heavily on trust, ...
Researchers have discovered multiple npm packages named after NodeJS libraries that even pack a Windows executable that resembles NodeJS but instead drops a sinister trojan. These packages, given ...
The security team behind the "npm" repository for JavaScript libraries removed two npm packages this Monday for containing malicious code that installed a remote access trojan (RAT) on the computers ...
The npm security team has just recently removed a malicious JavaScript library from the npm website that contains malicious code that can be used for opening backdoors on certain programmers' ...
Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...
A hacker has gained (legitimate) access to a popular JavaScript library and has injected malicious code that steals Bitcoin and Bitcoin Cash funds stored inside BitPay's Copay wallet apps. The ...
Cross-site scripting (XSS) remains a serious threat, even though the most commonly used front-end frameworks come with many security functions as standard. Frameworks such as React or Angular offer ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results