npm

Flipping the Script: The Premiere of ‘The Women in Security’ Documentary at RSAC

Axios Compromise on npm Introduces Hidden Malicious Package

AndyC 1 April 2026

A newly discovered software supply chain attack targeting the npm ecosystem briefly compromised one of the most widely used...

Security Blogs

Attackers hijack Axios npm account to spread RAT malware

AndyC 1 April 2026

Attackers hijack Axios npm account to spread RAT malware Pierluigi Paganini March 31, 2026 Threat actors hijacked the npm account...

CISA urges IT to harden endpoint management systems after cyberattack by pro-Iranian group

Sonatype Discovers Two Malicious npm Packages

AndyC 20 March 2026

Sonatype Security Research has identified a potential compromise of a trusted npm maintainer account that has now published two...

Hijacked npm Packages Deliver Malware via Solana, Linked to Glassworm

AndyC 18 March 2026

Sonatype Security Research has identified two hijacked npm packages in the React Native ecosystem that receive more than 30,000...

ENISA Technical Advisory on Secure Package Managers: Essential DevSecOps Guidance

AndyC 13 March 2026

ENISA Technical Advisory on Secure Package Managers: Essential DevSecOps Guidance Pierluigi Paganini March 12, 2026 ENISA’s first Technical Advisory on...

Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign

AndyC 16 February 2026

Malicious npm and PyPI packages Llinked to Lazarus APT fake recruiter campaign Pierluigi Paganini February 15, 2026 Researchers found malicious...

Beware! Fake ChatGPT browser extensions are stealing your login credentials

PackageGate bugs let attackers bypass protections in NPM, PNPM, VLT, and Bun

AndyC 29 January 2026

PackageGate bugs let attackers bypass protections in NPM, PNPM, VLT, and Bun Pierluigi Paganini January 28, 2026 Koi researchers found...

npm

Axios Compromise on npm Introduces Hidden Malicious Package

Attackers hijack Axios npm account to spread RAT malware

Sonatype Discovers Two Malicious npm Packages

Hijacked npm Packages Deliver Malware via Solana, Linked to Glassworm

ENISA Technical Advisory on Secure Package Managers: Essential DevSecOps Guidance

Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign

PackageGate bugs let attackers bypass protections in NPM, PNPM, VLT, and Bun

Digital assets after death: Managing risks to your loved one’s digital estate

This month in security with Tony Anscombe – March 2026 edition

RSAC 2026 wrap-up – Week in security with Tony Anscombe

A cunning predator: How Silver Fox preys on Japanese firms this tax season

Virtual machines, virtually everywhere – and with real security gaps

Cloud workload security: Mind the gaps

Donate Bitcoin to this address

Donate Ethereum to this address

NSFOCUS Monthly APT Insights – January 2026

News Alert: TAC Security surpasses 10,000 customers, scaling global VM and AppSec platform

Digital assets after death: Managing risks to your loved one’s digital estate

U.S. CISA adds a flaw in Google Dawn to its Known Exploited Vulnerabilities catalog

Google fixes fourth actively exploited Chrome zero-day of 2026

Donate Bitcoin to this address

Donate Ethereum to this address

You may have missed