Requires Node v24.13.1 or higher ES5 support only. No complex features: async, generator, and even try..finally aren't supported. Experimental. Expect issues. Try the ...

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

Mini Shai-Hulud worm compromises 169 npm packages including TanStack Mistral AI; TeamPCP uses stolen OIDC tokens.

Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open ...

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.

An attacker poisoned 84 TanStack npm versions across 42 packages, stealing GitHub OIDC tokens and cloud keys while planting a ...

ClickFix relies on tricking users into essentially hacking themselves by running commands that compromise their computers. In ...

A security researcher’s decompilation of the White House’s official mobile app uncovered hidden GPS tracking, insecure code ...

A new wave of the Mini Shai-Hulud campaign compromised dozens of TanStack npm packages as part of a broader supply chain ...

However, the biggest human element threat in 2026 isn’t just password reuse – it’s the accidental insider threat created by ...