A malware named IronWorm spread through 36 npm packages in the Arweave ecosystem, stealing developer credentials and self ...

CVE Lite CLI helps developers quickly identify and fix vulnerable npm dependencies during development, reducing delays and ...

FROST uses JavaScript and OPFS SSD timing to identify websites at 88.95% F1, exposing cross-browser privacy leaks.

Weekly ThreatsDay recap: old bugs, fake tools, shady payload tricks, AI mishaps, and the usual reminder that the internet is ...

A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. The malware targets 86 environment variables (key-value pairs) and ...

Dubai-based cybersecurity researcher Rylan Anil has claimed that he identified a major security lapse in the NTA’s official re-examination portal.

Snapmaker Luban is an easy-to-use 3-in-1 software tailor-made for Snapmaker machines. You can customize the printer settings and control the machine in Luban anytime with ease. The software also ...

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...

The AI company's Bumblebee tool tackles your most urgent question after any supply‑chain advisory: Do your programmers have ...

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique ...