Node.js Archives • Daily CyberSecurity

Node.js Alerts: High-Severity Flaw (CVE-2025-23166) Risks Remote System Crashes! Update Immediately! CVE-2025-23083 - Node.js EOL

Node.js Alerts: High-Severity Flaw (CVE-2025-23166) Risks Remote System Crashes! Update Immediately!

Ddos May 15, 2025

In an important security announcement released recently, the Node.js team has rolled out vital updates for its...

Malicious npm Packages Backdoor Telegram Bot Developers npm Malware, Telegram Bots

Malicious npm Packages Backdoor Telegram Bot Developers

Ddos April 22, 2025

A new supply chain attack has been uncovered by Socket’s Threat Research Team, targeting developers who create...

Node.js Misused in Malvertising Campaigns to Deliver Stealthy Malware Node.js malware, malvertising attacks

Node.js Misused in Malvertising Campaigns to Deliver Stealthy Malware

Ddos April 17, 2025

Microsoft Defender Experts (DEX) has observed a rise in malicious campaigns that use Node.js to deliver malware...

Million-Download Node.js Library xml-crypto Hit by Critical Security Flaws (CVE-2025-29774, CVE-2025-29775)

Ddos March 18, 2025

Two critical vulnerabilities have been identified in the xml-crypto library, a popular Node.js library for XML digital...

Node.js Expands CVE Coverage for EOL Releases Despite MITRE Rejection CVE-2025-23083 - Node.js EOL

Node.js Expands CVE Coverage for EOL Releases Despite MITRE Rejection

Ddos March 9, 2025

In a significant shift in its vulnerability management approach, the Node.js team has decided to extend Common...

CVE-2025-23083: Node.js Vulnerability Exposes Sensitive Data and Resources

Ddos January 21, 2025

The Node.js project has released updates to address several security vulnerabilities, including a high-severity flaw that could...

Node.js to Issue CVE for End-of-Life Versions CVE-2024-36138 - Node.js vulnerability

Node.js to Issue CVE for End-of-Life Versions

Ddos January 9, 2025

In a significant move to bolster security and encourage users to stay up-to-date, the Node.js Project has...

CVE-2024-56334: Command Injection Flaw Exposes Millions of Node.js Systems to Attack

Ddos December 23, 2024

A severe command injection vulnerability (CVE-2024-56334) has been identified in the widely used Node.js system information package,...

Wish Stealer: New Malware Targets Discord, Browsers, and Cryptocurrency Wallets

Ddos November 11, 2024

CYFIRMA recently identified “Wish Stealer,” a new Node.js-based malware that targets Windows users by stealing sensitive information...

CVE-2024-36138: High-Severity Vulnerability in Node.js Allows Code Execution on Windows CVE-2024-36138 - Node.js vulnerability

CVE-2024-36138: High-Severity Vulnerability in Node.js Allows Code Execution on Windows

Ddos July 8, 2024

The Node.js Project has released a security update to address multiple vulnerabilities, including a high-severity flaw that...

CVE-2024-21512: MySQL2 Vulnerability Puts Millions of Downloads at Risk

Ddos June 3, 2024

MySQL2, a popular MySQL client library for Node.js with over 2 million monthly downloads, has been found...

CVE-2024-29415: Popular Node.js Package ‘node-ip’ Exposes Millions to Potential SSRF Attacks

Ddos June 3, 2024

A significant security vulnerability has been uncovered in the widely-used node-ip npm package, which is designed to...

Node.js Security Update Addresses Server Crash, Request Smuggling Vulnerabilities

Ddos April 3, 2024

The Node.js project has released a critical security update addressing vulnerabilities in active release lines (v18.x, v20.x,...

Major Node.js Security Flaws: Millions of Apps Could Be Vulnerable

Ddos February 15, 2024

Node.js, the popular JavaScript runtime environment used by millions of developers worldwide, has recently issued security updates...

Node.js is vulnerable to HTTP/2 rapid reset zero-day vulnerability CVE-2023-44487

Ddos October 15, 2023

Node.js is a popular JavaScript runtime environment that is used to build scalable and performant web applications...