MAL-2025-45277 Malicious code in nashira-warp-electron-development (npm)

The package nashira-warp-electron-development was found to contain malicious code...

Malicious code in electron-development-eslint-config-galaxy (npm)

The package electron-development-eslint-config-galaxy was found to contain malicious code...

MAL-2025-19449 Malicious code in electron-development-eslint-config-galaxy (npm)

The package electron-development-eslint-config-galaxy was found to contain malicious code...

electron28 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-4948. Security: backported fix for CVE-2024-3914. Security: backported fix for CVE-2024-4060. Security: backported fix for CVE-2024-4058. Security: backported fix for CVE-2024-4558...

Supply-Chain Attack against the Electron Development Platform

Electron is a cross-platform development system for many popular communications apps, including Skype, Slack, and WhatsApp. Security vulnerabilities in the update system allows someone to silently inject malicious code into applications. From a news article: At the BSides LV security conference o...