Sometime in late May 2026, a poisoned update slipped into the @antv family of JavaScript visualization libraries, the ...

When OpenAI engineers discovered that a poisoned update to a widely used JavaScript library had executed on two corporate ...

The MarketWatch News Department was not involved in the creation of this content. -- ThreatDown's EDR team discovered a sophisticated, multi-stage attack chain during an active investigation; the ...

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by bitcoin wallets. A major NPM developer, qix, has had their account compromised.

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.

The notification arrived on September 14, 2025, at 17:58 UTC. Somewhere in the sprawling npm registry—home to 2.5 million JavaScript packages that power everything from banking apps to smart ...

Wikipedia briefly went into "read-only mode" this morning and disabled article editing after a malicious piece of code was detected that could delete entries. Initially, Wikipedia editors uncovered ...

ThreatDown’s EDR team discovered a sophisticated, multi-stage attack chain during an active investigation; the first documented case of attackers abusing the Deno runtime as a malware execution ...