Stolen and leaked credentials lead to Node.js packages from AsyncAPI and Jscrambler Code Integrity being poisoned with ...
A newly-disclosed exploit in Claude Code’s ‘auto-mode’ leaves developers facing remote code execution (RCE) vulnerabilities ...
The Jscrambler client-side web security company disclosed that a threat actor published a malicious version of its npm ...
Security researchers caught hackers trying to plant a backdoor inside the Injective npm package — a widely used tool in ...
A hacker used Ostium's own price-reporting infrastructure against the protocol, submitting falsified future-dated oracle data to manufacture fake trading profits and trigger an $18 million payout.
Five malicious versions of AsyncAPI packages were published to the Node Package Manager (npm) in a supply-chain attack that ...
JFrog finds 148 npm proxy packages turned student browsers into a DDoS botnet, while a mutable loader lets operators re-arm ...
A popular artificial intelligence (AI) coding tool can be exploited in just two clicks, allowing attackers to install permission-rich model context protocol (MCP) servers on privileged developers' ...
Malicious Jscrambler NPM package versions distributed a cross-platform credential stealer in a new supply chain attack.
Upwind traces multiple compromised AsyncAPI npm packages to a coordinated supply chain attack targeting software release pipelines and publishing identities.
Ostium DEX drained $18M USDC via compromised oracle key on Arbitrum. Attacker used future-dated prices to loop profitable trades and empty vault. Major RWA perp protocol hit despite $27.8M funding ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results