Node.js Archives • Page 2 of 4 • Daily CyberSecurity

Axios Under Siege: Critical npm Supply Chain Attack Hijacks Lead Maintainer to Drop Multi-Platform RAT TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

Axios Under Siege: Critical npm Supply Chain Attack Hijacks Lead Maintainer to Drop Multi-Platform RAT

Do Son March 31, 2026

Security researchers at StepSecurity have issued an emergency warning regarding a high-stakes supply chain attack targeting axios,...

Critical 9.4 CVSS RCE Flaws in n8n Turn Workflows into Backdoors n8n RCE Automation Security n8n Vulnerability Prototype Pollution RCE

Critical 9.4 CVSS RCE Flaws in n8n Turn Workflows into Backdoors

Do Son March 27, 2026

Security researchers have disclosed two critical vulnerabilities in n8n, the popular fair-code workflow automation platform used by...

Node.js Issues Security Updates: High-Severity DoS and Permission Bypasses Patched CVE-2024-21892 Node.js Security Update Server Crash Vulnerability

CVE-2024-21892 Node.js Security Update Server Crash Vulnerability

Node.js Issues Security Updates: High-Severity DoS and Permission Bypasses Patched

Do Son March 25, 2026

The Node.js project has released a critical sweep of security updates across its 20.x, 22.x, 24.x, and...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Critical Path Traversal Flaw in basic-ftp Exposes Node.js Apps to Arbitrary File Writes

Do Son March 2, 2026

With over 18 million downloads, basic-ftp is a cornerstone utility for Node.js developers, offering a robust, Promise-based...

HTTP Down: High-Severity Axios Flaw (CVSS 7.5) Crashes Node.js Servers Axios proxy vulnerabilities prototype pollution gadget Axios Vulnerability Cloud Hijacking Axios npm supply chain attack Axios Vulnerability Node.js DoS CVE-2025-58754 CVE-2025-27152 Axios Vulnerability, Form-Data Flaw

Axios proxy vulnerabilities prototype pollution gadget Axios Vulnerability Cloud Hijacking Axios npm supply chain attack Axios Vulnerability Node.js DoS CVE-2025-58754 CVE-2025-27152 Axios Vulnerability, Form-Data Flaw

HTTP Down: High-Severity Axios Flaw (CVSS 7.5) Crashes Node.js Servers

Do Son February 10, 2026

A high-severity vulnerability has been discovered in Axios, the immensely popular HTTP client used by millions of...

CVE-2026-23830: Critical SandboxJS Flaw (CVSS 10) Allows Total Sandbox Escape

Do Son January 29, 2026

A perfect storm of missing checks has led to a maximum-severity vulnerability in SandboxJS, a library designed...

CVSS 9.8 Sandbox Escape: Critical vm2 Flaw Exposes Millions of Apps Lockbit ransomware vm2 Vulnerability Sandbox Escape

CVSS 9.8 Sandbox Escape: Critical vm2 Flaw Exposes Millions of Apps

Do Son January 27, 2026

A critical security vulnerability has been unearthed in vm2, a highly popular sandbox library for Node.js used...

CVE-2026-1245: Code Injection Flaw Hits Node.js binary-parser WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

CVE-2026-1245: Code Injection Flaw Hits Node.js binary-parser

Do Son January 22, 2026

Developers using the popular binary-parser library for Node.js are being urged to update their dependencies immediately following...

Node.js Patches Memory Leak and Permission Bypasses CVE-2024-27980 Node.js Vulnerability CVE-2025-55131

Node.js Patches Memory Leak and Permission Bypasses

Do Son January 14, 2026

The Node.js maintainers have kicked off the new year with a critical security release, addressing a trio...

CVE-2025-68428: Critical Flaw in jsPDF Library Allows Server-Side File Theft

Do Son January 6, 2026

A critical vulnerability has been discovered in jsPDF, one of the most popular JavaScript libraries for generating...

CVE-2026-21440: New AdonisJS 9.2 Critical Flaw Allows Arbitrary File Writes and RCE AdonisJS RCE, CVE-2026-21440

CVE-2026-21440: New AdonisJS 9.2 Critical Flaw Allows Arbitrary File Writes and RCE

Do Son January 5, 2026

A critical security vulnerability has been discovered in AdonisJS, a popular full-stack Node.js web framework known for...

“React2Shell” Exploited: New EtherRAT Malware Hunts for Crypto via Node.js NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

“React2Shell” Exploited: New EtherRAT Malware Hunts for Crypto via Node.js

Do Son December 23, 2025

A new, sophisticated malware campaign is sweeping across the internet, leveraging a recently disclosed vulnerability to install...

Node.js Alert: systeminformation Flaw Risks Windows RCE for 16M+ Monthly Users systeminformation RCE, Node.js Command Injection

Node.js Alert: systeminformation Flaw Risks Windows RCE for 16M+ Monthly Users

Do Son December 18, 2025

A high-severity vulnerability has been uncovered in systeminformation, a massively popular Node.js library used by millions of...

Itch.io Targeted: Lumma Stealer Deployed Via Fake Updates and Reflective Node.js Loader Itch.io Lumma Stealer, Reflective Node.js Loader

Itch.io Targeted: Lumma Stealer Deployed Via Fake Updates and Reflective Node.js Loader

Do Son December 10, 2025

A sophisticated malware campaign has infiltrated the indie gaming platform Itch.io, using deceptive “game update” lures to...

North Korea’s WaterPlum APT Deploys Node.js OtterCandy RAT for Crypto Theft with Anti-Forensic Module North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korea’s WaterPlum APT Deploys Node.js OtterCandy RAT for Crypto Theft with Anti-Forensic Module

Do Son October 20, 2025

A new report from NTT Security Japan has spotlighted an evolved malware family known as OtterCandy, attributed...

North Korea’s Famous Chollima APT Uses Trojanized Node.js App to Deploy OtterCookie RAT for Crypto Theft

Do Son October 17, 2025

A new report from Cisco Talos has exposed a malware campaign linked to Famous Chollima, a North...

CVE-2025-61927 (CVSS 9.4): Critical RCE Flaw Discovered in Happy DOM, Over 2.7 Million Weekly Downloads Impacted

Do Son October 13, 2025

A critical-severity vulnerability has been disclosed in Happy DOM, a popular JavaScript package used to emulate web...

CVE-2025-58754: Axios Vulnerability Puts Node.js Processes at Risk of DoS Attacks Axios proxy vulnerabilities prototype pollution gadget Axios Vulnerability Cloud Hijacking Axios npm supply chain attack Axios Vulnerability Node.js DoS CVE-2025-58754 CVE-2025-27152 Axios Vulnerability, Form-Data Flaw

CVE-2025-58754: Axios Vulnerability Puts Node.js Processes at Risk of DoS Attacks

Do Son September 12, 2025

The Axios project has released a security advisory for a newly discovered vulnerability affecting its popular promise-based...

Massive npm Supply Chain Attack: Qix’s Account Compromised, Billions of Weekly Downloads at Risk

Do Son September 9, 2025

Socket has detected a large-scale supply chain attack in progress targeting the npm ecosystem. The account of...

CVE-2025-9288: Critical Flaw in Popular JavaScript Library Threatens Global Web Security CVE-2025-9288 Cryptography Vulnerability

CVE-2025-9288: Critical Flaw in Popular JavaScript Library Threatens Global Web Security

Do Son August 22, 2025

A critical security vulnerability has been disclosed in sha.js, a widely used JavaScript library that implements the...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

Node.js

Axios Under Siege: Critical npm Supply Chain Attack Hijacks Lead Maintainer to Drop Multi-Platform RAT

Critical 9.4 CVSS RCE Flaws in n8n Turn Workflows into Backdoors

Node.js Issues Security Updates: High-Severity DoS and Permission Bypasses Patched

Critical Path Traversal Flaw in basic-ftp Exposes Node.js Apps to Arbitrary File Writes

HTTP Down: High-Severity Axios Flaw (CVSS 7.5) Crashes Node.js Servers

CVE-2026-23830: Critical SandboxJS Flaw (CVSS 10) Allows Total Sandbox Escape

CVSS 9.8 Sandbox Escape: Critical vm2 Flaw Exposes Millions of Apps

CVE-2026-1245: Code Injection Flaw Hits Node.js binary-parser

Node.js Patches Memory Leak and Permission Bypasses

CVE-2025-68428: Critical Flaw in jsPDF Library Allows Server-Side File Theft

CVE-2026-21440: New AdonisJS 9.2 Critical Flaw Allows Arbitrary File Writes and RCE

“React2Shell” Exploited: New EtherRAT Malware Hunts for Crypto via Node.js

Node.js Alert: systeminformation Flaw Risks Windows RCE for 16M+ Monthly Users

Itch.io Targeted: Lumma Stealer Deployed Via Fake Updates and Reflective Node.js Loader

North Korea’s WaterPlum APT Deploys Node.js OtterCandy RAT for Crypto Theft with Anti-Forensic Module

North Korea’s Famous Chollima APT Uses Trojanized Node.js App to Deploy OtterCookie RAT for Crypto Theft

CVE-2025-61927 (CVSS 9.4): Critical RCE Flaw Discovered in Happy DOM, Over 2.7 Million Weekly Downloads Impacted

CVE-2025-58754: Axios Vulnerability Puts Node.js Processes at Risk of DoS Attacks

Massive npm Supply Chain Attack: Qix’s Account Compromised, Billions of Weekly Downloads at Risk

CVE-2025-9288: Critical Flaw in Popular JavaScript Library Threatens Global Web Security