A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...

Koi security researchers found that when NPM installs a dependency from a Git repository, configuration files such as a ...

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ...

Software development, long regarded as one of the most labour-intensive corners of the technology sector, is now transforming ...

Tech billionaire Elon Musk has threatened to buy European low-cost carrier Ryanair after its CEO called him an idiot. Now, Musk has offered a job to the NodeJS Creator, Ryan Dahl, to lead this airline ...

A flaw in the binary-parser npm package before version 2.3.0 lets attackers execute arbitrary JavaScript via unsanitized parser input.

The state of Vibe Coding in early 2026 is such that even seasoned software developers are now saying that the days of ...

A dramatic spike in npm-focused intrusions shows how attackers have shifted from opportunistic typosquatting to systematic, ...

Security researchers at Aikido on Sunday uncovered an apparently new Shai Hulud variant, uploaded to npm through a GitHub repository called @vietmoney/react-big-calendar. Shai Hulud is the moniker for ...

Shai-Hulud is the worst-ever npm JavaScript attack. This software supply chain worm attack is still ongoing. Here are some ways you can prevent such attacks. For those of you who aren't Dune fans, ...