InfoWorld

Malicious pgserve, automagik developer tools found in npm registry

Fake packages aim to steal data, credentials, and secrets, and to infect every package created using them, in what could be ...

GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions

A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 "sleeper" extensions that turn malicious ...
InfoWorld

Is your Node.js project really secure?

Node.js does not need more theatrical security output. It needs better developer workflow infrastructure. It needs tools that ...
SecurityWeek

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.