Two malicious npm packages, express-api-sync and system-health-sync-api, have been discovered, posing a significant threat to production systems. Published under the npm alias “botsailer,” the packages install backdoors capable of deleting all files within an application. Unlike typical malware, these tools prioritise data destruction over theft, highlighting a growth in software supply chain threats. Socket’s Threat Research Team urges developers to use behavioural scanning tools to detect such threats.
Microsoft Releases Out-of-Band Patch to Fix Critical RRAS RCE Vulnerabilities in Windows 11
Microsoft released an out-of-band hotpatch update on March 13, 2026, addressing serious security vulnerabilities in Windows 11 versions 24H2 and 25H2. Tracked as KB5084597 and
