Node.js 26 has been released, featuring the Temporal API enabled by default, an updated V8 engine to version 14.6, and the ...
The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...