News

Application security news, updated daily (if there is any news to share).

GitHub flags ambar-src on npm as malware with no patched versions

GitHub's Advisory Database published a malware advisory for the npm package ambar-src, warning that any affected machine should be treated as fully compromised.

Supply ChainJavaScriptMalware

16 Feb 2026

OpenSSF flags npm package compass-e2e-tests 99.0.0 as malicious

OpenSSF Package Analysis identified the npm package compass-e2e-tests (version 99.0.0) as malicious due to communication with a domain associated with malicious activity.

NewsSupply ChainJavaScript

16 Feb 2026

Loading news…