Skip to main content

Tag: javascript

66 articles

Cluttered developer workstation with laptop, coding tools, and subtle blockchain diagram in background.

Malicious Vite npm Packages Exploit Blockchain C2 for RAT Delivery

Security researchers have uncovered a sneaky campaign, dubbed ViteVenom, involving seven malicious npm packages that target Vite developers, executing malicious code as soon as they're imported. These packages, published in a matter of days, may have modest download counts, but their stealthy nature raises major red flags for the supply-chain community.

Analyst 207
Laptop on a simple desk in a home office setting with a notepad and pen nearby.

Blogger Platform Exploited in VEIL#DROP Malware Attack Chain

The VEIL#DROP malware attack chain starts with a sneaky JavaScript file, cleverly disguised as a harmless document, which executes through Windows Script Host and launches PowerShell with execution policy bypasses enabled. This multi-stage threat can be triggered by spear-phishing or a simple visit to a compromised website.

Analyst 207
Cluttered developer workspace with laptop, papers, and coffee cups.

Malware Exploits VS Code Tasks in Hijacked Packages

Researchers have uncovered a sneaky malware attack that hides in Visual Studio Code tasks, masquerading as a harmless "eslint-check" task that springs into action the moment you open a compromised package directory in VS Code. The malware cleverly disguises its executable payload as a font file, allowing it to slip past defenses undetected.

Analyst 207
Node.js application running on a laptop in a developer's workspace with daylight in the background.

Protobuf.js Vulnerabilities Expose Node.js Apps to Code Execution, DoS

A single malicious protobuf schema could be all it takes to trigger crashes, corrupt runtimes, or even execute code in vulnerable Node.js apps, warns Cyera security researcher Assaf Morag. Six newly identified vulnerabilities in protobuf.js, known as Proto6, carry high severity scores and could put your app at risk.

Analyst 207
Office worker sits at desk with laptop and printer in background.

FortiGuard Labs Exposes Sophisticated Phishing Campaign Targeting Windows Users

Beware of a sneaky phishing campaign that's targeting Windows users with a multi-stage attack chain, starting with a seemingly harmless email attachment that unleashes a powerful malware. This stealthy threat uses clever tactics like process hollowing to inject malicious code into trusted Windows processes.

Analyst 207
Laptop and development tools sit on a cluttered workspace surrounded by generic technology equipment.

GitHub-Hosted Malware Targets PHP Packages in Coordinated Supply Chain Attack

Malicious code was injected into eight PHP packages on Packagist, triggering a Linux binary download from GitHub Releases via JavaScript lifecycle hooks in package.json postinstall scripts. The attack was swiftly contained, with the malicious versions removed from Packagist.

Analyst 207
Modern workspace with laptop and coding elements in natural daylight.

Vm2 Sandbox Flaw Exposes Host Systems to Code Execution Risk

A critical vulnerability, CVE-2026-26956, in the popular vm2 Node.js library can allow attackers to break free from the sandbox and execute malicious code on your host system, putting your entire environment at risk. To stay safe, upgrade to vm2 version 3.10.5 or later, or 3.11.2 for the latest protection.

Analyst 207
Modern workspace with a computer on a clutter-free desk, surrounded by minimal office decor.

Malware Worms Into SAP, Intercom and Lightning Developer Tools

Malicious actors struck SAP's JavaScript and cloud application development ecosystem on April 29, releasing poisoned versions of four widely-used npm packages that receive a staggering 572,000 weekly downloads. The compromised packages, which included mbt, @cap-js/db-service, @cap-js/postgres, and @cap-js/sqlite, were published in a brief window of just two hours.

Analyst 207
Lone figure in shadows holds cracked smartphone, near eerie glowing laptop, against ominous cityscape backdrop.

Protobuf library flaw enables remote JavaScript code execution

A critical flaw in the popular protobuf.js library has been exposed, allowing hackers to execute JavaScript code remotely - and a proof-of-concept exploit has already been published, putting countless systems at risk.

Analyst 207
Shadowy figure lurks near laptop with tangled wires and broken padlock, amidst eerie city glow.

North Korea-linked actor compromises axios NPM package

A shocking discovery by Google Threat Intelligence Group has exposed a vulnerability in the popular axios NPM package, which has over 100 million weekly downloads, and has raised urgent questions about the trustworthiness of software supply chains. A malicious dependency was secretly introduced into axios releases, putting countless applications at risk.

Analyst 207
LinkedIn Harvests Browser Data with Secret Chrome Extension Scans

LinkedIn Harvests Browser Data with Secret Chrome Extension Scans

A recent report, dubbed BrowserGate, uncovers LinkedIn's hidden practice of scanning visitors' browsers for installed extensions and harvesting device data, raising serious questions about user privacy. The professional social network reportedly checks for over 6,000 Chrome extensions, leaving users to wonder: what should LinkedIn know about your browser?

Analyst 207
LinkedIn Harvests Browser Data with Secret JavaScript Scripts

LinkedIn Harvests Browser Data with Secret JavaScript Scripts

Did you know that LinkedIn is quietly harvesting browser data, including a list of your installed Chrome extensions, every time you load a page? A recent analysis, dubbed BrowserGate, uncovered the surprising truth behind LinkedIn's use of secret JavaScript scripts to scan visitor browsers.

Analyst 207
Axios Library Compromised in North Korea-Linked Supply Chain Attack

Axios Library Compromised in North Korea-Linked Supply Chain Attack

A widely-used JavaScript library, Axios, has been compromised in a supply-chain attack linked to North Korea, allowing attackers to secretly inject malicious code into millions of applications and systems. This sneaky move has sent shockwaves through the open-source software community, highlighting the vulnerability of even the most trusted code.

Analyst 207
Google Links Axios npm Breach to North Korea's UNC1069 Group

Google Links Axios npm Breach to North Korea's UNC1069 Group

Google's threat intelligence team has linked a recent breach of the Axios npm package to UNC1069, a North Korean hacking group motivated by financial gain. This alarming discovery highlights the vulnerability of the software supply chain to state-linked cybercrime.

Analyst 207
Malware Alert: Critical Axios NPM Hack Spreads Devastating Cross-Platform Threats

Malware Alert: Critical Axios NPM Hack Spreads Devastating Cross-Platform Threats

A critical security breach has hit Axios, a widely-used JavaScript library with over 100 million weekly downloads, leaving developers and users vulnerable to devastating cross-platform threats. This shocking incident raises a crucial question: can even the most trusted software sources be considered secure?

Analyst 207
Axios Backdoor: Critical npm Supply Chain Attack Unleashes Devastating RAT Malware

Axios Backdoor: Critical npm Supply Chain Attack Unleashes Devastating RAT Malware

A single compromised account has triggered a critical supply chain attack on Axios, a widely-used JavaScript library, unleashing devastating RAT malware and putting millions of developers worldwide at risk. This shocking breach highlights the urgent need for more stringent security measures to protect our global software ecosystem.

Analyst 207
Axios Hit by Critical Supply Chain Attack

Axios Hit by Critical Supply Chain Attack

A critical supply chain attack has hit Axios, a popular HTTP client, compromising the integrity of its npm package and raising fresh concerns about the security of our digital infrastructure. Malicious versions of the Axios package were published, injecting a fake dependency that put users at risk.

Analyst 207
Shai-Hulud-Like Worm: Exclusive Critical npm Threat

Shai-Hulud-Like Worm: Exclusive Critical npm Threat

What if the npm packages you trust were actually malicious? Researchers uncovered a Shai‑Hulud‑like, self‑replicating worm hidden in npm packages that runs at install time to steal developer and CI secrets, hijack AI tooling, and spread across the registry.

Analyst 207
New npm Malware Campaign Exclusive: Severe Crypto Redirects

New npm Malware Campaign Exclusive: Severe Crypto Redirects

When the libraries you trust become trapdoors, developers are in for a rude awakening: a new npm malware campaign by dino_reborn hides in seven packages and uses cloaking and fake CAPTCHAs to selectively redirect victims to cryptocurrency phishing flows. This supply‑chain‑style attack evades scanners by activating only under certain conditions, turning convenience into a costly risk.

Analyst 207
Npm Malware: Shocking Invisible Dependencies Are Dangerous

Npm Malware: Shocking Invisible Dependencies Are Dangerous

Think your npm packages are safe? Recent attacks that slipped malicious code into 126 npm packages — roughly 86,000 downloads — show how invisible dependency changes can cascade into thousands of projects, so token hygiene, 2FA and publish provenance matter more than ever.

Analyst 207
Massive tangled worm emerges from cracked package box amidst shattered screens and wires, with ominous cityscape looming in…

Self-Replicating Worm: Stunning Threat Hits 180+ Packages

A stark wake-up call: a self-replicating worm has infected 187+ NPM packages, stealing and publicly exposing developer tokens during installs. By weaponizing automated installs and transitive dependencies, it turns every npm install into a potential propagation engine.

Analyst 207
18 Popular Code Packages Hacked: Stunning Crypto Theft Risk

18 Popular Code Packages Hacked: Stunning Crypto Theft Risk

Imagine one convincing phishing email letting attackers slip crypto‑stealing code into 18 popular JavaScript packages — collectively downloaded billions of times each week. The breach lays bare how fragile the software supply chain is: a single compromised maintainer can push malicious updates into countless projects and developer environments.

Analyst 207
Self-Replicating Worm Compromises 180+ Software Packages

Self-Replicating Worm Compromises 180+ Software Packages

What if the package you just installed quietly handed an attacker your API keys? Researchers found a self‑replicating worm in 187 npm packages that harvests secrets during install, posts them to a public GitHub repo, and uses each new install to spread and pivot into other projects.

Analyst 207
Self-Replicating Worm Infiltrates 180+ Software Packages

Self-Replicating Worm Infiltrates 180+ Software Packages

The packages you trust might be betraying you: researchers found a self‑replicating worm in 187+ NPM modules that steals developer tokens, posts them publicly, and uses those leaked credentials to replicate—turning routine installs into a spreading infection.

Analyst 207