Software supply chain security firm JFrog has disclosed the details of a critical vulnerability affecting a popular React ...
Recently, security researchers Socket found 10 packages on npm targeting software developers, specifically those who use the ...
The vulnerability, tracked as CVE-2025-11953, carries a CVSS score of 9.8 out of a maximum of 10.0, indicating critical ...
Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component ...
An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal ...
Having another security threat emanating from Node.js’ Node Package Manager (NPM) feels like a weekly event at this point, ...
A new library, React Native Godot, enables developers to embed the open-source Godot Engine for 3D graphics within a React ...
Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection.
Security researchers at software supply chain company JFrog Ltd. today revealed details of a critical vulnerability in React, ...
For the past four months, over 130 malicious NPM packages deploying information stealers have been collectively downloaded ...
Researchers outline how the PhantomRaven campaign exploits hole in npm to enable software supply chain attacks.
The ongoing ‘PhantomRaven’ malicious campaign has infected 126 npm packages to date, representing 86,000 downloads ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback