Security firm Trend Micro has discovered an attack on home routers that involves malicious JavaScript, a mobile website, and a mobile device such as a smartphone. This attack has been taking place ...
NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by bitcoin wallets. A major NPM developer, qix, has had their account compromised.
IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...
The new Rowhammer exploit doesn't just target hardware -- it uses Javascript to do it, and can run within a web browser. Share on Facebook (opens in a new window) Share on X (opens in a new window) ...
In a supply chain attack, attackers install backdoors through the WordPress plugins OptinMonster, TrustPulse, and PushEngage.
A large-scale supply chain attack on the JavaScript ecosystem has prompted an urgent warning from Ledger's chief technology officer, Charles Guillemet, who advised users without hardware wallets to ...
The notification arrived on September 14, 2025, at 17:58 UTC. Somewhere in the sprawling npm registry—home to 2.5 million JavaScript packages that power everything from banking apps to smart ...
In a newly discovered supply chain attack, attackers last week targeted a range of npm-hosted JavaScript type testing utilities, several of which were successfully compromised to distribute malware.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results