Dark Reading

'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...
Tech Times

Cloudflare Buys VoidZero: Vite’s 130M Weekly Users Get a New Vendor-Neutrality Pledge

Cloudflare VoidZero acquisition gives a competing CDN governance of Vite, the open source JavaScript build tool with 130 ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
unite

Cloudflare Acquires VoidZero, Bringing the Team Behind Vite Into Its Developer Platform ...

Founded by Evan You, VoidZero was created with the goal of building a unified, high-performance JavaScript toolchain. Rather than focusing on a single framework, the ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Red Hat hit by npm supply‑chain attack - here's how to stay safe ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
IEEE

Reasoning about the Node.js Event Loop using Async Graphs

Abstract: With the popularity of Node.js, asynchronous, event-driven programming has become widespread in server-side applications. While conceptually simple, event-based programming can be tedious ...
heise online

JavaScript runtime developed with AI: Edge.js for secure Node.js applications

As the Wasmer team explains the reasons behind the new runtime, Node.js has two difficulties: it is tied to V8 as the only JavaScript engine and cannot securely execute workloads without ...