The Hacker News

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and ...
The Caledonian-Record

BYDFi Joins Solana Accelerate APAC at Consensus Hong Kong, Expanding Solana Ecosystem Engagement

Global crypto trading platform BYDFi participated as a sponsor of Solana Accelerate APAC at Consensus Hong Kong 2026, held ...
TMCnet

Arcjet Launches v1.0 of its JavaScript SDK, Establishing Stability as a Core Developer Feature

"Shipping v1.0 is a clear signal to developers that Arcjet's API is stable and fully tested with real production workloads," said David Mytton, CEO at Arcjet. "Security should not introduce more work.
The Hacker News

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.
InfoWorld

Beyond NPM: What you need to know about JSR

Here's how the JavaScript Registry evolves makes building, sharing, and using JavaScript packages simpler and more secure ...
MarketWatch

RenderATL 2026 to Host OpenJS Summit: Spotlighting the Future of JavaScript

The MarketWatch News Department was not involved in the creation of this content. Dedicated single-track experience connects developers, maintainers, and technical leaders for hands-on learning ...
TMCnet

RenderATL 2026 to Host OpenJS Summit: Spotlighting the Future of JavaScript

ATLANTA, Jan. 27, 2026 /PRNewswire/ --RenderATL, the leading tech conference merging innovation, culture, and code, today announced a first-of-its-kind collaboration with the OpenJS Foundation to host ...
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Half a dozen vulnerabilities in the JavaScript ecosystem’s leading package managers — including NPM, PNPM, VLT, and Bun — could be exploited to bypass supply chain attack protections, according to ...
Bleeping Computer

Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies

The defense mechanisms that NPM introduced after the 'Shai-Hulud' supply-chain attacks have weaknesses that allow threat actors to bypass them via Git dependencies. Collectively called PackageGate, ...
InfoWorld

Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ‘the JavaScript ecosystem deserves better.’ ...
Digital Journal

Engineering excellence in modern web development: A conversation with Nithish Nadukuda

The modern web development landscape demands engineers who can seamlessly blend technical expertise with business acumen, delivering solutions that scale to serve millions of users while maintaining ...
CSOonline

From typos to takeovers: Inside the industrialization of npm supply chain attacks

According to IDC, 93% of organizations use open-source software, and npm remains the largest package registry in the JavaScript ecosystem. “Compromising a single popular package can immediately reach ...