GlassWorm malware uses a Zig-based dropper to infect developer tools, stealing data and spreading across IDEs.

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute ...

Security firm Trend Micro has discovered an attack on home routers that involves malicious JavaScript, a mobile website, and a mobile device such as a smartphone. This attack has been taking place ...

The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through ...

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

ThreatDown’s EDR team discovered a sophisticated, multi-stage attack chain during an active investigation; the first documented case of attackers abusing the Deno runtime as a malware execution ...

Gootloader JavaScript malware, commonly used to deliver ransomware, is back in action after a period of reduced activity.… Since October 27, security shop Huntress says it has spotted three Gootloader ...

NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by bitcoin wallets. A major NPM developer, qix, has had their account compromised.

Over half of the malware Sonatype discovered in Q1 2025 was designed to exfiltrate sensitive information from infected systems, the company said. Software supply chain security company Sonatype ...

A global malware campaign has exposed more than 10 million people to deceptive crypto app ads, according to a new report from cybersecurity firm Check Point. Fake crypto app ads have exposed over 10 ...

It's not even your browser's fault.

A hacker has manipulated a widely-used JavaScript library, Axios, to distribute malware, potentially compromising millions of ...