Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.
In response to recent software supply chain attacks, NPM version 12 is blocking the automatic script execution at install.
A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
CVE-2026-48907 in the Joomla JCE plugin lets unauthenticated attackers drop PHP web shells with a single crafted request.
Javascript client library for accessing the Typesense HTTP API.