JavaScript is the foundation of the modern web. From simple button clicks to complex web applications, almost everything ...

More OpenClaw security woes. Huntress researchers say bad actors convinced users to download a bogus installer for the AI personal assistant that deployed infostealers by hosting it in a malicious ...

Harness announces the general availability of Artifact Registry. The platform integrates artifact management directly into the CI/CD environment, reducing ...

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a ...

North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT ...

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a dormant wipe mechanism.

Hulud-like Sandworm_Mode supply chain attack targets NPM developers to steal secrets and poison AI assistants.

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...

The npm registry now includes Socket security analysis links directly on package pages to help developers assess supply chain risks.

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.

Visual Studio Code 1.110 (February 2026) adds new agent extensibility, browser-driving chat tools, and expanded chat accessibility.