JavaScript 21
- CanisterWorm: npm Publisher Compromise Deploys Backdoor Across 29+ Packages
- 60 Malicious npm Packages Leak Network and Host Data in Active Malware Campaign
- Malicious Koishi Chatbot Plugin Exfiltrates Messages Triggered by 8-Character Hex Strings
- The Landscape of Malicious Open Source Packages: 2025 Mid‑Year Threat Report
- Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS
- The Bad Seeds: Malicious npm and PyPI Packages Pose as Developer Tools to Steal Wallet Credentials
- Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads
- Black Basta's Dependency Confusion Ambitions and Ransomware in Open Source Ecosystems
- Lazarus Strikes npm Again with New Wave of Malicious Packages
- North Korean APT Lazarus Targets Developers with Malicious npm Package
- Gmail For Exfiltration: Malicious npm Packages Target Solana Private Keys and Drain Victims' Wallets
- Weaponizing OAST: How Malicious Packages Exploit npm, PyPI, and RubyGems for Data Exfiltration and Recon
- Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
- Skuld Infostealer Returns to npm with Fake Windows Utilities and Malicious Solara Development Packages
- Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
- Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
- Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
- Roblox Developers Targeted with npm Packages Infected with Skuld Infostealer and Blank Grabber
- Massive npm Malware Campaign Leverages Ethereum Smart Contracts To Evade Detection and Maintain Control
- Author Typosquatting on npm: Attackers Impersonate Sindre Sorhus with Malicious 'chalk-node' Package
- Noxia: Emerging Dark Web Hosting Provider Targets Python, Node.js, Go, and Rust Ecosystems