Package lurking in npm for six years waits to destroy your work
Socket's threat researchers have discovered the xlsx-to-json-lh package on npm, which has been hiding in plain sight for six years, waiting for a command to wipe projects.
4chan back from 'catastrophic' attack with tale of cash woes
4chan suffered catastrophic data loss due to a cyberattack exploiting outdated software, highlighting chronic funding issues affecting its maintenance.