A researcher warned that more than 400 NPM libraries, including at least 10 crypto packages mostly tied to ENS, were compromised by Shai Hulud malware. A major JavaScript supply-chain attack has ...

The Microsoft Authenticator app is a vital tool for securing your accounts with two-factor authentication (2FA). When it stops delivering approval notifications or one-time codes, it can lock you out ...

Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain attacks they’ve seen, and it’s spreading. A month after a self-propagating ...

The malware uses invisible Unicode characters to hide its code and blockchain-based infrastructure to prevent takedowns. Visual Studio developers are targeted with a self-propagating worm in a ...

After a 35-year quest, the final solution to a famous puzzle called Kryptos has been found. Two writers discovered the fourth answer to the code hidden among the Smithsonian Institution’s archives.

On September 17, 2025, Cybersecurity researchers uncovered the first real-world case of a malicious Model Context Protocol (MCP) server embedded in an npm package called postmark-mcp. The package, ...

A malicious npm package named Fezbox has been found using an unusual technique to conceal harmful code. The package employs a QR code as part of its obfuscation strategy, ultimately aiming to steal ...

Newly discovered npm package 'fezbox' employs QR codes to retrieve cookie-stealing malware from the threat actor's server. The package, masquerading as a utility library, leverages this innovative ...

Qwen Code’s Qwen3-Coder model doesn’t seem as good as its benchmark scores imply, but the tools are free and the usage limits are generous. The three biggest hyperscalers in the US are AWS, Microsoft ...

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on ...

Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel self-replicating credential-stealing code in yet another wave of a supply chain ...