Node.js

Node.js 26 ships with Temporal API enabled by default

2026-05-07 at 12:26, by Anamarija Pogorelec

Developers managing JavaScript runtimes have a new major version to evaluate. Node.js 26.0.0 brings the long-awaited Temporal API to the platform alongside an updated V8 engine, a refreshed HTTP client, and several long-flagged removals that will require code changes in […]


North Korean Hackers Target High-Profile Node.js Maintainers

2026-04-06 at 14:12, by Ionut Arghire

The threat actor behind the Axios supply chain attack has been aiming at other maintainers in its social engineering campaign. This article is an excerpt from SecurityWeek.


Self-spreading npm malware targets developers in new supply chain attack

2026-02-24 at 15:10, by Zeljka Zorz

Security researchers have uncovered another supply chain attack targeting developers: 19 typosquatting npm packages published on npmjs.com that steal credentials, infect projects, and propagate themselves across developer environments. The operation, dubbed “SANDWORM_MODE,” represents a (still) rare example of worm-like


Pompelmi: Open-source secure file upload scanning for Node.js

2026-02-02 at 09:10, by Sinisa Markovic

Software teams building services in JavaScript are adding more layers of defense to handle untrusted file uploads. An open-source project called Pompelmi aims to insert malware scanning and policy checks directly into Node.js applications before files reach storage or business logic.


Max-severity vulnerability in React, Node.js patched, update ASAP (CVE-2025-55182)

2025-12-04 at 14:32, by Zeljka Zorz

A critical vulnerability (CVE-2025-55182) in React Server Components (RSC) may allow unauthenticated attackers to achieve remote code execution on the application server, the React development team warned on Wednesday. The maximum-severity vulnerability was privately reported by Lachlan Davidson and has


Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack

2025-09-17 at 01:18, by Zeljka Zorz

A potentially monumental supply chain attack is underway, thanks to a self-replicating worm-like payload that has been compromising packages published on the npm Registry. The worm has been dubbed “Shai-hulud” as it steals credentials from victims who


Microsoft Warns of Node.js Abuse for Malware Delivery

2025-04-16 at 14:01, by Eduard Kovacs

In the past months Microsoft has seen multiple campaigns involving Node.js to deliver malware and other malicious payloads. This article is an excerpt from SecurityWeek.


Critical Vulnerabilities in Node.js Expose Systems to Remote Attacks

2025-01-28 at 14:18, by daksh sharma

A series of critical security vulnerabilities have been discovered in multiple versions of Node.js, a popular open-source JavaScript runtime used to build scalable network applications. These vulnerabilities, outlined in CERT-In Vulnerability Note CIVN-2025-0011, have been classified as high severity,

