The North Korean threat actor behind the Axios supply chain attack has been targeting high-profile Node.js maintainers.
UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply ...
Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...
The bug was assigned CVE-2025-2135, and we successfully used it to pwn Google’s V8CTF as a zero-day. The root cause lies in TurboFan’s InferMapsUnsafe() function, which fails to handle aliasing when ...
apify-client is the official library for accessing the Apify API from your JavaScript applications. It runs in both Node.js and the browser and provides useful features like automatic retries and convenience ...
Abstract: Object-relational mapping (ORM) frameworks or tools have turned into a necessity for the development of modern applications. Thorough cross-language performance comparisons that particularly ...
The AWS SDK for JavaScript v3 is a rewrite of v2 with some great new features. As with version 2, it enables you to easily work with Amazon Web Services, but has a modular architecture with a separate ...
Thirty years ago today, Netscape Communications and Sun Microsystems issued a joint press release announcing JavaScript, an object scripting language designed for creating interactive web applications ...
Since October 2024, Microsoft Defender Experts (DEX) has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to ...
An ongoing attack is uploading hundreds of malicious packages to the open source node package manager (NPM) repository in an attempt to infect the devices of developers who rely on code libraries ...