GitHub

Package Node.js applications into executable binaries.

This is a high-performance fork of caxa. Version 3.0 introduces portable Node bundling and zstd-compressed native payloads on top of the build/runtime improvements from the 2.x line. When executed, ...
GitHub

‍♂️ Loki Command & Control

Loki is a stage-1 command and control (C2) framework written in Node.js, built to script-jack vulnerable Electron apps MITRE ATT&CK T1218.015. Developed for red team operations, Loki enables evasion ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by ...

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Microsoft

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the ...
The Hacker News

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures

ClickFix attacks are delivering BabaDeda, Lorem Ipsum, and Potemkin loaders to deploy stealers, RATs, and ransomware-linked ...