A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be ...

A widely-adopted JavaScript library has been found carrying a critical vulnerability which could allow threat actors to execute malicious code, remotely.

Agent HQ provides a single location for managing both local and remote coding agents and introduces a plan agent that breaks ...

In the new campaign, Gootloader was most likely leveraged by a group known as Storm-0494, as well as its downstream operator, ...

The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...

The GlassWorm malware campaign, which impacted the OpenVSX and Visual Studio Code marketplaces last month, has returned with ...

Udio, an AI song generation platform, has announced a 48-hour window starting Monday for users to download their songs. This ...

Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate " ...

The vulnerability, tracked as CVE-2025-11953, carries a CVSS score of 9.8 out of a maximum of 10.0, indicating critical severity. It also affects the "@react-native-community/cli-server-api" package ...

The npm packages were available since July, have elaborately obfuscated malicious routines, and rely on a fake CAPTCHA to appear authentic.

Developers will have to contend with a dormant turned active malicious code on Visual Studio Code (VS Code) extensions, which ...

Discover why Android and iPhone devices slow down and learn Bitdefender’s expert fixes to speed up your phone, and keep it ...