North Korean threat actors linked to the Contagious Interview campaign have published 108 unique malicious packages and browser extensions across npm, Packagist,…
Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages designed to deploy a Python-based information stealer on…
A new Linux kernel privilege escalation vulnerability, tracked as CVE-2026-43503 and nicknamed DirtyClone, has been publicly disclosed with a working exploit. Discovered…
On June 17, 2026, a software supply chain attack codenamed 'easy-day-js' compromised 145 npm packages under the @mastra/* namespace, a popular open-source…
Cybersecurity researchers at JFrog have uncovered a set of malicious npm packages that masquerade as legitimate PostCSS tools to deliver a Windows-based…