A series of malicious packages hidden within the Node Package Manager (npm), the largest software registry for JavaScript, has been uncovered. According to a new advisory published by FortiGuard on ...
60 packages have been discovered in the NPM index that attempt to collect sensitive host and network data and send it to a Discord webhook controlled by the threat actor. According to Socket’s Threat ...
Security researchers have uncovered two new malicious packages on the npm open source package manager that utilized GitHub to store stolen Base64-encrypted SSH keys taken from developer systems. These ...
Application testing company Checkmarx has warned developers to be on the lookout for malicious NPM packages, after discovering a new attack that employs typosquatting to impersonate two popular ...
A phishing attack aimed at a particular software maintainer’s account has managed to compromise software packages that have over 2.6 billion weekly downloads. BleepingComputer, noting that the ...
Hackers broke into the node package manager (NPM) account of a well-known software developer and added malware to popular JavaScript libraries, targeting crypto wallets. ”Picture this: you compromise ...
Over the holidays, the npm package registry was flooded with more than 3,000 packages, including one called "everything," and others named a variation of the word. The package is quite aptly named as ...
Microsoft-owned repository GitHub has responded to recent node package manager (npm) attacks such as the Shai-Hulud self-replicating worm, attempting to restore trust in the open-source ecosystem.
If you needed another reminder that our software supply chains are only as strong as their smallest link, the JavaScript ecosystem delivered it. In early September, attackers phished the NPM account ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback