npm
-
Supply Chain Compromise: art-template NPM Package Weaponized to Deliver Coruna iOS Exploits
In a sophisticated supply-chain attack, threat actors have compromised the widely utilized art-template npm package, transforming a trusted JavaScript templating…
Read More » -
Mini Shai-Hulud: Supply Chain Campaign Targets @antv Ecosystem
A sophisticated, large-scale supply chain attack has recently been detected targeting the npm registry, specifically compromising a wide array of…
Read More » -
Stealthy Pivot: North Korean Actors Leverage Git Hooks for ‘Contagious Interview’ Malware Delivery
In a sophisticated evolution of the ongoing “Contagious Interview” campaign, North Korean threat actors have pivoted away from traditional delivery…
Read More » -
Critical Zero-Day Vulnerability in Cline AI: Remote Code Execution via WebSocket Origin Flaw
A significant security flaw has been uncovered in the Cline AI coding assistant, specifically within its bundled kanban npm package.…
Read More » -
Critical Sandbox‑Escape Vulnerabilities Discovered in the vm2 Node.js Library
Multiple critical sandbox‑escape vulnerabilities have been disclosed in vm2, one of the most widely used Node.js sandboxing libraries, allowing attackers…
Read More » -
Typosquatting Alert: Malicious “tanstack” NPM Package Targets Developer Credentials via Stealthy Exfiltration
The open-source ecosystem faces a renewed threat as a sophisticated typosquatting campaign has been identified targeting the TanStack community. A…
Read More » -
SAP Developer Ecosystem Compromise: The Mini Shai-Hulud npm Supply Chain Attack
A sophisticated supply chain attack struck the SAP developer ecosystem on April 29, 2026, affecting four widely used npm packages…
Read More » -
The “Slinky” Trap: How a Fake Minecraft Cheat Deploys LofyStealer Malware
In a sophisticated social engineering campaign targeting the gaming community, Minecraft players are being targeted by a deceptive “hacking tool”…
Read More » -
Critical Security Alert: RCE Vulnerabilities in Google’s Gemini CLI and GitHub Actions
Google has issued an urgent security advisory following the discovery of critical vulnerabilities within the Gemini CLI and its integrated…
Read More » -
Securing Autonomous Agents: OpenClaw Patches Critical Policy Bypass and Credential Leak Vulnerabilities
As the adoption of autonomous AI agent frameworks accelerates, the attack surface for these highly capable systems expands alongside them.…
Read More » -
Context.ai Compromise Exposes Vercel Customers
In a recent disclosure that highlights the growing complexity of modern software supply chains, Vercel has confirmed a sophisticated security…
Read More » -
The Multi-Stage Supply Chain Compromise of Checkmarx KICS
In a sophisticated demonstration of supply chain exploitation, the official Checkmarx KICS (Keeping Infrastructure as Code Secure) ecosystem has fallen…
Read More » -
Cybercriminals Use Fake Zoom, Teams Calls to Deliver Malware
Hackers are increasinglyusing fake Zoom and Microsoft Teams meetings to trick victims into infecting their own systems with malware. SEAL…
Read More »