Hulud-like Sandworm_Mode supply chain attack targets NPM developers to steal secrets and poison AI assistants.
Project initiated by Nuxt lead Daniel Roe attracts wide support thanks to multiple issues with the official interface A new ...
While the AI itself wasn’t weaponized, the technique raises concerns about AI agents with broad system access.
The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a ...
A recent supply-chain attack on a widely used JavaScript developer account could have spread malicious code across the web, Ledger CTO Charles Guillemet warned in an interview with TheStreet ...
The open-source project npmx is used for fast searching of npm packages. It focuses on UX, displays vulnerability warnings, and offers a dark mode.
In a surprising move, the popular open source project, SheetJS aka "xlsx," has dropped support for the npm registry. Downloaded about 1.4 million times weekly on npm, SheetJS is relied upon by NodeJS ...
Tenable Research investigated a malicious package in the npm public registry named “amber-src” that underscores the rapid nature of modern supply chain attacks. The package, which was downloaded ...
Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a dormant wipe mechanism.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results