Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social ...
JavaScript is the heartbeat of the modern web. If you’ve ever felt frustrated by certain web pages that just don’t seem to work, the culprit might be that JavaScript is disabled in your browser. This ...
Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based code analysis systems into overlooking malicious payloads. Threat actors ...
Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...
Socket says a campaign of malicious packages is aiming to steal crypto and is injecting hidden instructions that hijack popular AI coding assistants. An active supply chain attack is targeting crypto ...
Abstract: Prototype pollution is a type of recently-discovered, impactful vulnerability that affects JavaScript code. One important yet challenging research problem of prototype pollution is how to ...
The vm2 sandbox of the open-source JavaScript runtime environment Node.js just can't escape the headlines, and the developers are now closing further “critical” security vulnerabilities. Once again, ...
On April 29, 2026, someone slipped malicious code into four widely used SAP software packages. Within days, the infection had spread to at least 169 packages across the npm registry, the world’s ...
The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert to provide guidance in response to the software supply chain compromise of the Axios node package manager (npm). 1 ...
Just two weeks after a massive supply chain compromise, Axios, a widely used JavaScript library for making web requests, is experiencing another critical threat. It contains a bug that allows ...
OpenAI revealed on Friday that it’s one of many organizations affected by the recent Axios supply chain attack, which cybersecurity experts have attributed to North Korean hackers. Axios is a widely ...
Threat actors have found a way to inject arbitrary JavaScript into the Flowise low-code platform for building custom LLM and agentic systems. The code injection was possible due to a design oversight, ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results