Project Zomboid identifies and bans over a dozen Steam Workshop mods containing 'heavily obfuscated code' that was 'creating malicious files'

Players should take "appropriate security measures to ensure their system is safe. Simply uninstalling the mods is not ...
Security Boulevard

Google Says North Korea Was Behind the Axios npm Supply Chain Attack

A supply chain compromise involving the widely used JavaScript package Axios is now being tied to a North Korea-linked threat actor, turning what already looked like a serious open-source incident ...
CSO Online

Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how quickly a compromised package can propagate through the ecosystem.
Windows Report

Axios Hack Bypasses GitHub Protections and Installs Hidden Malware on Systems

The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through malicious npm releases. Security researchers from StepSecurity identified ...
GitHub

Secure Node.js Execution Without a Sandbox

A lightweight library for secure Node.js execution. No containers, no VMs — just npm-compatible sandboxing out of the box. Powered by the same tech as Cloudflare Workers. Give your agent the ability ...
cybernews

Hundreds of code repos falling like dominoes, infected by new wave of self-replicating malware

Hundreds of GitHub and npm repositories, and dozens of extensions for VS Code and other code editors, have been compromised in a new massive wave of the GlassWorm supply chain attack. Thousands of ...
cybernews

Threat actors linked to Russia target Ukrainian entities with new backdoor

A new campaign targeting Ukrainian entities and attributed to actors linked to Russia employs various judicial- and charity-themed lures to deploy a JavaScript‑based backdoor that runs in the Edge ...