Malicious npm packages have been identified distributing malware that steals credentials and attempts to spread across ...

Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as ...

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.

Microsoft officially announced TypeScript 7.0 Beta on April 21, 2026. The company says TypeScript 7.0 is often 10 times faster than 6.0. The beta ships through @typescript/native-preview@beta and tsgo ...

The incident has been described as one of the most significant code leaks in recent times, involving the exposure of Claude Code.

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks.

A new malicious npm campaign using fake installation logs to hide malware activity has been identified by security researchers. The attacks, discovered by ReversingLabs, involve malicious packages ...

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach ...

A new security bypass has users installing AI agent OpenClaw — whether they intended to or not. Researchers have discovered that a compromised npm publish token pushed an update for the widely-used ...