The Hacker News

Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow

Node.js released updates fixing a critical DoS flaw caused by async_hooks stack crashes, tracked as CVE-2025-59466, impacting ...

Node.js: Updated versions patch high-risk security vulnerabilities

Several security vulnerabilities, some classified as high-risk, have been discovered in the popular JavaScript runtime ...
The Hacker News

CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution

A flaw in the binary-parser npm package before version 2.3.0 lets attackers execute arbitrary JavaScript via unsanitized ...
Bleeping Computer

npm packages caught serving TurkoRAT binaries that mimic NodeJS

Researchers have discovered multiple npm packages named after NodeJS libraries that even pack a Windows executable that resembles NodeJS but instead drops a sinister trojan. These packages, given ...
Bleeping Computer

NPM nukes NodeJS malware opening Windows, Linux reverse shells

NPM has removed multiple packages hosted on its repository this week that established connection to remote servers and exfiltrated user data. These 4 packages had collected over 1,000 total downloads ...
How-To Geek on MSN

Node 25.4.0 solves the import require mess and adds more features

Node.js 25.4.0, the newest Current branch release, is now available for download. This update focuses on transitioning many ...