Red Hat hit by npm supply‑chain attack - here's how to stay safe ...

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Miasma compromised 32 Red Hat packages June 1 via a hijacked CI/CD pipeline producing valid SLSA attestations, then hit 57 more June 3 using Phantom Gyp to evade install monitors. Red Hat confirmed no ...

Attackers increasingly are using malicious JavaScript packages to steal data, engage in cryptojacking and unleash botnets, offering a wide supply-chain attack surface for threat actors. More than ...

In response to recent software supply chain attacks, NPM version 12 is blocking the automatic script execution at install.

July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...

GitHub will change npm's defaults so the install command no longer runs scripts automatically, disabling a feature commonly ...

Researchers continue to investigate a wave of malicious npm packages, with the published tally now reaching over 700. Last week, JFrog researchers disclosed the scheme in which an unknown threat actor ...

Add Yahoo as a preferred source to see more of our stories on Google. North Korean state-sponsored threat actors were observed pushing malicious packages into the npm registry, in an attempt to ...

Looks like the Arch Linux AUR (Arch User Repository) needs some better security and package checks - as some malicious users ...