Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...

Web analysis without Google: Umami 3.1 brings replays and custom dashboards

Umami 3.1.0 brings configurable dashboards, session replays, and Core Web Vitals tracking for privacy-friendly web analysis.

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...
InfoQ

Pretext.js Bypasses DOM Layout Reflow, Enabling Advanced UX Patterns at 120 FPS

Cheng Lou, a Midjourney engineer, recently released Pretext, a 15KB open-source TypeScript library that measures and lays out ...
InfoWorld

Malicious pgserve, automagik developer tools found in npm registry

Fake packages aim to steal data, credentials, and secrets, and to infect every package created using them, in what could be ...
Dark Reading

Cybersecurity Resource Library

An IDC analyst report examines the operational and financial impact of an AI-powered threat intelligence platform on security teams across multiple industries. Organizations reported measurable gains ...