Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social ...
The campaign utilizes a multi-layered delivery chain designed to evade platform-level takedowns and maintain a high search engine ranking. The attack begins with SEO poisoning on various search ...
On March 31, NSFOCUS CERT detected that the npm repository of the HTTP client library Axios was poisoned by the supply chain. The attacker bypassed the normal GitHub Actions CI/CD pipeline of the ...
Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026. A hijacked maintainer account is behind the attack. The compromised versions silently ...
On 2026-03-31, an unknown threat actor compromised the npm account of jasonsaayman, the primary maintainer of axios. The attacker changed the account email to ifstap@proton[.]me and manually published ...
Bitdefender researchers have discovered a malicious Windsurf IDE (integrated development environment) extension that deploys a multi-stage NodeJS stealer by using the Solana blockchain as the payload ...
Microsoft Defender Experts identified a coordinated developer-targeting campaign delivered through malicious repositories disguised as legitimate Next.js projects and technical assessment materials.
This ruleset is a high-performance Bazel integration for JavaScript, based on the pnpm package manager. Aspect Workflows delivers on Bazel's promises of speed and cost-savings. It provides Continuous ...
Feature bloat, or added value for this JavaScript toolkit? The Bun team has released version 1.2.21 of its JavaScript bundler and runtime, written in Zig, adding features including built-in drivers ...
Some of the most popular apps in Windows 11 use so much RAM that they can impact your PC performance, and the fact that RAM prices are soaring high makes matters even worse. The issue is due to the ...
This blogpost introduces our latest white paper, presented at Virus Bulletin 2025, where we detail the operations of the North Korea-aligned threat actor we call DeceptiveDevelopment and its ...