Hackers behind the Shai Hulud malicious npm JavaScript campaign are likely testing a new variant of the malware. Security ...

A malicious npm WhatsApp library with 56,000 downloads secretly stole messages, credentials, and contacts in a sophisticated ...

A malicious npm package posing as a WhatsApp API intercepts messages, steals credentials, and links attacker devices after 56 ...

OpenAI launches GPT-5.2-Codex for professional coding, delivering enhanced long-context support and native Windows ...

The Tea Protocol was founded by Max Howell, who created open source package manager Homebrew, and Lewis, who established ...

AUSTIN, Texas, Dec. 09, 2025 (GLOBE NEWSWIRE) -- Today, Coder introduced new capabilities that bring AI coding agents into secure, self-hosted workspaces, enabling enterprises to adopt AI safely at ...

The Dune-inspired Shai Hulud has returned in a weaponized upgrade, unleashing an automated supply chain worm that's infected over 25,000 npm repositories, tied to hundreds of maintainers. See Also: ...

A researcher warned that more than 400 NPM libraries, including at least 10 crypto packages mostly tied to ENS, were compromised by Shai Hulud malware. A major JavaScript supply-chain attack has ...

Malicious npm packages are using unique anti-evasion and targeting tactics to identify and redirect victims to cryptocurrency-themed scam websites, researchers have found. Socket Threat Research ...

Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appears to be created with the help of artificial intelligence – in ...

Malicious code continues to be uploaded to open source repositories, making it a challenge for responsible developers to trust what’s there, and for CISOs to trust applications that include open ...

Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection. The finding, ...