A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ...

Koi security researchers found that when NPM installs a dependency from a Git repository, configuration files such as a ...

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.

According to the firm’s latest supply chain security report, there was a 73% increase in detections of malicious open-source packages in 2025. The past year also saw a huge jump in the scope of ...

Microsoft’s new winapp CLI simplifies Windows app development with one-command setup, faster testing, and easier packaging.

Modern JavaScript projects often rely on a fragile chain of tools that few developers fully understand. Bun was built as a reaction to that, removing the need for Webpack, Babel, Jest, and npm ...

Once trust is granted to the repository's author, a malicious app executes arbitrary commands on the victim's system with no ...

Magentrix, a premier provider of customer and partner portal solutions ? recognized for its flagship Partner Relationship ...

Microsoft today announced the release of the Windows App Development CLI (winapp) in public preview. This open source command ...