Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.
Threat actors hijacked the popular npm package axios to spread RAT malware after compromising an open‑source maintainer’s ...
Cryptopolitan on MSN
Hacker targets ETH and SOL devs via typosquat npm packages
Ethereum and Solana developers were targeted by five malicious npm packages that steal private keys and send them to the ...
New attack waves from the ‘PhantomRaven’ supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers. The campaign ...
The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Evidence ...
Morning Overview on MSN
North Korea-linked hackers used fake Teams updates to hit Axios npm
Hackers linked to North Korea compromised the widely used Axios npm package by tricking a maintainer into installing malware ...
A threat actor has used 36 malicious NPM packages posing as Strapi plugins to distribute malware targeting Redis, Docker, and ...
Over 1,700 malicious packages since Jan 2025 fuel cross-ecosystem supply chain attacks, enabling espionage and financial ...
Researchers at Endor Labs uncovered 88 new packages tied to new waves of the campaign, which uses remote dynamic dependencies to deliver credential-stealing malware. Last year’s “PhantomRaven” ...
Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million ...