A critical breakdown in one of the most trusted Node.js sandbox libraries is putting countless applications … vm2 Vulnerabilities Enable Full System TakeoverRead more
JavaScript security
Malicious “tanstack” Package Hijacks npm to Steal Dev Secrets
On April 29, 2026, a highly targeted supply chain attack hit the JavaScript ecosystem. An attacker … Malicious “tanstack” Package Hijacks npm to Steal Dev SecretsRead more
Axios npm Supply Chain Attack Impacts Developers
A major software supply chain attack has struck the JavaScript ecosystem, prompting an urgent alert from … Axios npm Supply Chain Attack Impacts DevelopersRead more
Axios npm Supply Chain Attack: Detection, Risks, and Mitigation Guide
On March 31, 2026, the cybersecurity community faced a major wake-up call when a widely trusted … Axios npm Supply Chain Attack: Detection, Risks, and Mitigation Guide Read more
Malicious Axios Package Delivers WAVESHAPER.V2 Backdoor in Supply Chain Attack
A major software supply chain attack has impacted the JavaScript ecosystem after threat actors compromised the … Malicious Axios Package Delivers WAVESHAPER.V2 Backdoor in Supply Chain AttackRead more
Critical SandboxJS Vulnerability Enables Remote Host Takeover
A critical sandbox escape vulnerability has been discovered in SandboxJS, a popular JavaScript library used to … Critical SandboxJS Vulnerability Enables Remote Host TakeoverRead more