News

Popular JavaScript package is: Malware through supply chain attack
Maintainer, the package is, which is downloaded around 2.7 million times a week, was infected with a malware loader.
Dynamsoft Barcode Reader JavaScript SDK v11.0 Improves Accuracy and Performance with Advanced Deep Learning and Algorithm Enhancements
Dynamsoft has announced the release of version 11.0 of its Barcode Reader SDK for JavaScript edition, introducing ...
The Munich Eye2d
Malware Discovered in Popular JavaScript Package Due to Supply Chain Attack
Munich news, health insurance, technology, jobs and other topics for expatriates. The Eye Newspapers covers daily news and offers services for foreigners.
Supply-chain attacks on open source software are getting out of hand
It has been a busy week for supply-chain attacks targeting open source software available in public repositories, with ...
Google is testing a vibe-coding app called Opal
Google is testing a new vibe-coding tool called Opal, available in the U.S. through Google Labs, that lets users quickly spin ...
NPM package ‘is’ with 2.8M weekly downloads infected devs with malware
The popular NPM package 'is' has been compromised in a supply chain attack that injected backdoor malware, giving attackers ...
SecurityWeek4d
SonicWall Patches Critical SMA 100 Vulnerability, Warns of Recent Malware Attack
SonicWall advises organizations to patch SMA 100 appliances and look for IoCs associated with Overstep malware attacks.
Freelance dev shop Toptal caught serving malware after GitHub account break-in
Developer freelancing platform Toptal has been inadvertently spreading malicious code after attackers broke into its systems ...
More popular npm packages hijacked to spread malware
Several popular npm packages with millions of weekly downloads were targeted, and one used as a launchpad for malware ...
CISA and FBI warn of escalating Interlock ransomware attacks
CISA and the FBI warned on Tuesday of increased Interlock ransomware activity targeting businesses and critical ...
Not pretty, not Windows-only: npm phishing attack laces popular packages with malware
The popular npm package "is" was infected with cross-platform malware, around the same time that linting utility packages ...
Google’s Opal AI Tool Lets Anyone Build Apps Without Code
Google has announced the launch of Opal, a no‑code AI mini‑app builder that uses natural language and visual workflows to ...