JavaScript devs beware: this popular NPM package has been compromised by attackers

An extremely popular NPM package used in many JavaScript projects has been compromised and can wreak havoc on your machine if ...
Bleeping Computer

Wikipedia hit by self-propagating JavaScript worm that vandalized pages

Update: Added Wikimedia Foundation's statement below and made a correction to denote it was only the Meta-Wiki that was vandalized. The Wikimedia Foundation suffered a security incident today after a ...
The Caledonian-Record

GetHealthy Launches Script, an AI-Enabled Platform Expanding Practitioner Commerce Beyond Supplements Across Seven Product Categories

GetHealthy, the infrastructure platform powering practitioner-led health commerce, today announced the launch of GetHealthy Script, an AI-enabled clinical scripting platform designed to help ...
The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...

Automate Excel with Office Scripts : Getting Started Guide

The Office Scripts action recorder can generate code snippets for Excel changes, but some actions still require manual ...

ThreatDown Uncovers First Cyber Attack Abusing Deno JavaScript Runtime for Fileless Malware Delivery

ThreatDown, the corporate business unit of Malwarebytes, today published research documenting what researchers believe to be ...
Windows Report

Axios Hack Bypasses GitHub Protections and Installs Hidden Malware on Systems

The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through malicious npm releases. Security researchers from StepSecurity identified ...

Oracle unveils Project Detroit for faster Java interop with JavaScript and Python

JavaOne Oracle has shipped Java 26, a short-term release, and introduced Project Detroit, which promises faster interop ...

What’s inside the White House app?

According to “I Decompiled the White House’s New App,” the Android version has some odd choices for a government app that ...

Fake VS Code alerts on GitHub spread malware to developers

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...
The Hacker News

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

DeepLoad exploits ClickFix and WMI persistence to steal credentials, enabling stealth reinfection after three days.

Supply chain attack hits Axios npm releases, users urged to rotate keys

Two malicious Axios npm releases have prompted warnings for developers to rotate credentials and treat affected systems as ...