Windows News
Security researchers uncovered a brazen supply-chain attack on June 1, 2026, targeting the npm registry’s @redhat-cloud-services namespace. Malicious versions of several packages, used by thousands...
Microsoft Threat Intelligence disclosed on May 29, 2026 that a fresh wave of dependency confusion attacks targeting the npm ecosystem leveraged malicious postinstall scripts to conduct reconnaissance...
A newly created npm maintainer account named vpmdhaj uploaded 14 typosquatted packages in a span of just four hours on May 28, 2026, Microsoft revealed in a security advisory. The rapid-fire campaign...
On March 31, 2026, a malicious update to the Axios npm package transformed one of JavaScript's most trusted HTTP clients into a weaponized supply chain threat. The attack didn't require developers to...
On March 31, 2026, the JavaScript ecosystem faced one of its most significant supply chain attacks when malicious versions of the axios HTTP client library were published to npm. These compromised...
The Axios HTTP client library, downloaded over 50 million times weekly from npm, was compromised when attackers gained control of a maintainer's account through a sophisticated social engineering...
Use our category filters, tag system, or the search functionality to find specific Windows topics. Popular categories include Windows 11, Security, Gaming, and Updates.
While we aggregate news from various sources, you can engage with the community through the WindowsForum.com platform linked in our navigation.