On March 31, 2026, two new npm packages for updated versions of Axios, a popular HTTP client for JavaScript that simplifies making HTTP requests to a REST endpoint with over 70 million weekly ...

Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection. The finding, ...

The ongoing conflict between Fetch.ai and the Ocean Protocol Foundation may soon reach a peaceful resolution, as both sides signal a willingness to settle their differences outside the courts. The ...

This is the first article in a two-part series where we show how to build your own anti-bot system to protect a login endpoint, without relying on third-party services. Many bot detection solutions, ...

Newly discovered npm package 'fezbox' employs QR codes to retrieve cookie-stealing malware from the threat actor's server. The package, masquerading as a utility library, leverages this innovative ...

Community driven content discussing all aspects of software development from DevOps to design patterns. Note, this article deals with client-side JavaScript. For a client and server-side JavaScript ...

A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated via fake CAPTCHA verification pages.

Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data exfiltration. The activity, first ...

gorilla/csrf is a HTTP middleware library that provides cross-site request forgery (CSRF) protection. It includes: ...and then collect the token with csrf.Token(r) in your handlers before passing it ...

An ongoing attack is uploading hundreds of malicious packages to the open source node package manager (NPM) repository in an attempt to infect the devices of developers who rely on code libraries ...