Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.

In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...

The vm2 sandbox component of the open-source JavaScript runtime environment Node.js is vulnerable with certain settings.

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...

In the first five months of 2026, security researchers have flagged more malicious packages on the npm registry than in all ...

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...

Dr. James McCaffrey presents a complete end-to-end demonstration of linear regression using JavaScript. Linear regression is the simplest machine learning technique to predict a single numeric value, ...

Forbes contributors publish independent expert analyses and insights. Alex Vakulov is a cybersecurity expert focused on consumer security. Jan 13, 2025, 09:22am EST A shocked man on a sofa, realizing ...

Google says it’s been increasingly relying on AI to counter AI-powered malware, strengthening Android defenses before threats reach users. Over 1.75 million harmful apps were blocked from the Play ...

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into executing malicious JavaScript in their browser, allowing attackers to ...