Tag

#javascript

7 stories taggedjavascript.

Full-frame photoreal editorial image of a darkened developer workstation with a large monitor showing abstract cascading package dependency graphs in green and
Policy & Regulation

npm 12 Turns Off Auto-Run Install Scripts to Blunt Supply Chain Attacks

GitHub's package manager for JavaScript now ships with a safer default, and it retires a token type that let developers skip two-factor login.

3 min
Photoreal editorial image, full-frame 16:9, of two nearly identical open cardboard shipping boxes on a dark desk, one subtly marked with a red warning tape, sof
Threat Intelligence

Fake Rollup Helper Packages on npm Traced to North Korean Hackers

Two look-alike JavaScript packages copied a popular developer tool line-for-line, then quietly opened a back door onto the machines of anyone who installed them.

3 min
Threat Intelligence

Trusted Plugin Scripts Weaponized in Admin-Aware WordPress Supply-Chain Hit

Tampered JavaScript served from PushEngage, OptinMonster and TrustPulse fingerprinted logged-in admins before silently provisioning rogue accounts and a stealth plugin.

3 min
Vulnerabilities

npm 12 Pulls the Plug on Install Scripts by Default

GitHub is finally turning off the lifecycle hook that's been quietly powering half a decade of supply chain attacks.

3 min
Threat Intelligence

FROST: A Browser-Only Side Channel That Reads Your SSD to Guess What You're Doing

Graz University researchers show that JavaScript timing alone can fingerprint websites and applications by measuring contention on a victim's solid-state drive.

3 min
Vulnerabilities

Six Flaws in protobuf.js Turn Serialized Schemas Into Execution Vectors

The JavaScript Protocol Buffers library — pulled 50 million times a week — ships patches for a cluster of CVEs that let attackers use schema metadata to run arbitrary code inside Node.js processes.

2 min
Vulnerabilities

Schema as Weapon: Six Flaws in protobuf.js Open a Path to Remote Code Execution

Cyera researchers found that protobuf.js — pulled into apps 50 million times a week — will, under exploitable conditions, turn schema metadata into running code.

2 min
© 2026 Threat Vectr