Tag: javascript
66 articles

Malicious Vite npm Packages Exploit Blockchain C2 for RAT Delivery
Security researchers have uncovered a sneaky campaign, dubbed ViteVenom, involving seven malicious npm packages that target Vite developers, executing malicious code as soon as they're imported. These packages, published in a matter of days, may have modest download counts, but their stealthy nature raises major red flags for the supply-chain community.

Blogger Platform Exploited in VEIL#DROP Malware Attack Chain
The VEIL#DROP malware attack chain starts with a sneaky JavaScript file, cleverly disguised as a harmless document, which executes through Windows Script Host and launches PowerShell with execution policy bypasses enabled. This multi-stage threat can be triggered by spear-phishing or a simple visit to a compromised website.

Malware Exploits VS Code Tasks in Hijacked Packages
Researchers have uncovered a sneaky malware attack that hides in Visual Studio Code tasks, masquerading as a harmless "eslint-check" task that springs into action the moment you open a compromised package directory in VS Code. The malware cleverly disguises its executable payload as a font file, allowing it to slip past defenses undetected.

Protobuf.js Vulnerabilities Expose Node.js Apps to Code Execution, DoS
A single malicious protobuf schema could be all it takes to trigger crashes, corrupt runtimes, or even execute code in vulnerable Node.js apps, warns Cyera security researcher Assaf Morag. Six newly identified vulnerabilities in protobuf.js, known as Proto6, carry high severity scores and could put your app at risk.

FortiGuard Labs Exposes Sophisticated Phishing Campaign Targeting Windows Users
Beware of a sneaky phishing campaign that's targeting Windows users with a multi-stage attack chain, starting with a seemingly harmless email attachment that unleashes a powerful malware. This stealthy threat uses clever tactics like process hollowing to inject malicious code into trusted Windows processes.

GitHub-Hosted Malware Targets PHP Packages in Coordinated Supply Chain Attack
Malicious code was injected into eight PHP packages on Packagist, triggering a Linux binary download from GitHub Releases via JavaScript lifecycle hooks in package.json postinstall scripts. The attack was swiftly contained, with the malicious versions removed from Packagist.

Vm2 Sandbox Flaw Exposes Host Systems to Code Execution Risk
A critical vulnerability, CVE-2026-26956, in the popular vm2 Node.js library can allow attackers to break free from the sandbox and execute malicious code on your host system, putting your entire environment at risk. To stay safe, upgrade to vm2 version 3.10.5 or later, or 3.11.2 for the latest protection.

Malware Worms Into SAP, Intercom and Lightning Developer Tools
Malicious actors struck SAP's JavaScript and cloud application development ecosystem on April 29, releasing poisoned versions of four widely-used npm packages that receive a staggering 572,000 weekly downloads. The compromised packages, which included mbt, @cap-js/db-service, @cap-js/postgres, and @cap-js/sqlite, were published in a brief window of just two hours.

Protobuf library flaw enables remote JavaScript code execution
A critical flaw in the popular protobuf.js library has been exposed, allowing hackers to execute JavaScript code remotely - and a proof-of-concept exploit has already been published, putting countless systems at risk.

North Korea-linked actor compromises axios NPM package
A shocking discovery by Google Threat Intelligence Group has exposed a vulnerability in the popular axios NPM package, which has over 100 million weekly downloads, and has raised urgent questions about the trustworthiness of software supply chains. A malicious dependency was secretly introduced into axios releases, putting countless applications at risk.

LinkedIn Harvests Browser Data with Secret Chrome Extension Scans
A recent report, dubbed BrowserGate, uncovers LinkedIn's hidden practice of scanning visitors' browsers for installed extensions and harvesting device data, raising serious questions about user privacy. The professional social network reportedly checks for over 6,000 Chrome extensions, leaving users to wonder: what should LinkedIn know about your browser?

LinkedIn Harvests Browser Data with Secret JavaScript Scripts
Did you know that LinkedIn is quietly harvesting browser data, including a list of your installed Chrome extensions, every time you load a page? A recent analysis, dubbed BrowserGate, uncovered the surprising truth behind LinkedIn's use of secret JavaScript scripts to scan visitor browsers.

Axios Library Compromised in North Korea-Linked Supply Chain Attack
A widely-used JavaScript library, Axios, has been compromised in a supply-chain attack linked to North Korea, allowing attackers to secretly inject malicious code into millions of applications and systems. This sneaky move has sent shockwaves through the open-source software community, highlighting the vulnerability of even the most trusted code.

Google Links Axios npm Breach to North Korea's UNC1069 Group
Google's threat intelligence team has linked a recent breach of the Axios npm package to UNC1069, a North Korean hacking group motivated by financial gain. This alarming discovery highlights the vulnerability of the software supply chain to state-linked cybercrime.

Malware Alert: Critical Axios NPM Hack Spreads Devastating Cross-Platform Threats
A critical security breach has hit Axios, a widely-used JavaScript library with over 100 million weekly downloads, leaving developers and users vulnerable to devastating cross-platform threats. This shocking incident raises a crucial question: can even the most trusted software sources be considered secure?

Axios Backdoor: Critical npm Supply Chain Attack Unleashes Devastating RAT Malware
A single compromised account has triggered a critical supply chain attack on Axios, a widely-used JavaScript library, unleashing devastating RAT malware and putting millions of developers worldwide at risk. This shocking breach highlights the urgent need for more stringent security measures to protect our global software ecosystem.

Axios Hit by Critical Supply Chain Attack
A critical supply chain attack has hit Axios, a popular HTTP client, compromising the integrity of its npm package and raising fresh concerns about the security of our digital infrastructure. Malicious versions of the Axios package were published, injecting a fake dependency that put users at risk.

Shai-Hulud-Like Worm: Exclusive Critical npm Threat
What if the npm packages you trust were actually malicious? Researchers uncovered a Shai‑Hulud‑like, self‑replicating worm hidden in npm packages that runs at install time to steal developer and CI secrets, hijack AI tooling, and spread across the registry.

New npm Malware Campaign Exclusive: Severe Crypto Redirects
When the libraries you trust become trapdoors, developers are in for a rude awakening: a new npm malware campaign by dino_reborn hides in seven packages and uses cloaking and fake CAPTCHAs to selectively redirect victims to cryptocurrency phishing flows. This supply‑chain‑style attack evades scanners by activating only under certain conditions, turning convenience into a costly risk.

Npm Malware: Shocking Invisible Dependencies Are Dangerous
Think your npm packages are safe? Recent attacks that slipped malicious code into 126 npm packages — roughly 86,000 downloads — show how invisible dependency changes can cascade into thousands of projects, so token hygiene, 2FA and publish provenance matter more than ever.

Self-Replicating Worm: Stunning Threat Hits 180+ Packages
A stark wake-up call: a self-replicating worm has infected 187+ NPM packages, stealing and publicly exposing developer tokens during installs. By weaponizing automated installs and transitive dependencies, it turns every npm install into a potential propagation engine.

18 Popular Code Packages Hacked: Stunning Crypto Theft Risk
Imagine one convincing phishing email letting attackers slip crypto‑stealing code into 18 popular JavaScript packages — collectively downloaded billions of times each week. The breach lays bare how fragile the software supply chain is: a single compromised maintainer can push malicious updates into countless projects and developer environments.

Self-Replicating Worm Compromises 180+ Software Packages
What if the package you just installed quietly handed an attacker your API keys? Researchers found a self‑replicating worm in 187 npm packages that harvests secrets during install, posts them to a public GitHub repo, and uses each new install to spread and pivot into other projects.

Self-Replicating Worm Infiltrates 180+ Software Packages
The packages you trust might be betraying you: researchers found a self‑replicating worm in 187+ NPM modules that steals developer tokens, posts them publicly, and uses those leaked credentials to replicate—turning routine installs into a spreading infection.