IEEE

Undefined-oriented Programming: Detecting and Chaining Prototype Pollution Gadgets in Node.js Template Engines for Malicious Consequences

Abstract: Prototype pollution is a type of recently-discovered, impactful vulnerability that affects JavaScript code. One important yet challenging research problem of prototype pollution is how to ...
Analytics Insight

Top Node.js Libraries Used by Backend Developers in 2026

Backend development is mainly defined by the library used to develop it. Choosing modern, optimized Node.js libraries directly impacts scalability, speed, and maintainability. Development time can be ...
The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating ...
Hacker

A Nodejs Tutorial: OpenPGP Crypto Functions on a Node API Server

Bob has been designing hardware and coding software for decades. He likes to draw and write. He’s a web cadet wannabe. Bob has been designing hardware and coding software for decades. He likes to draw ...
The Hacker News

Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers

Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data exfiltration. The activity, first ...
Microsoft

Threat actors misuse Node.js to deliver malware and other malicious payloads

Since October 2024, Microsoft Defender Experts (DEX) has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to ...