A new strain of the Shai Hulud worm is discovered by researchers, signaling the self-propagating supply chain threat ...

As a worm spread through hundreds of npm packages in 2025, it didn't exploit a vulnerability – it exploited the architecture.

Hackers behind the Shai Hulud malicious npm JavaScript campaign are likely testing a new variant of the malware. Security ...

A malicious npm package posing as a WhatsApp API intercepts messages, steals credentials, and links attacker devices after 56 ...

OpenAI launches GPT-5.2-Codex for professional coding, delivering enhanced long-context support and native Windows ...

The Tea Protocol was founded by Max Howell, who created open source package manager Homebrew, and Lewis, who established ...

The Dune-inspired Shai Hulud has returned in a weaponized upgrade, unleashing an automated supply chain worm that's infected over 25,000 npm repositories, tied to hundreds of maintainers. See Also: ...

A researcher warned that more than 400 NPM libraries, including at least 10 crypto packages mostly tied to ENS, were compromised by Shai Hulud malware. A major JavaScript supply-chain attack has ...

Malicious npm packages are using unique anti-evasion and targeting tactics to identify and redirect victims to cryptocurrency-themed scam websites, researchers have found. Socket Threat Research ...

Malicious code continues to be uploaded to open source repositories, making it a challenge for responsible developers to trust what’s there, and for CISOs to trust applications that include open ...

Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection. The finding, ...

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Vivek Yadav, an engineering manager from ...