Researchers expose Discord webhook C2 in npm, PyPI, RubyGems; North Korean actors published 338 malicious npm packages with ...

Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to ...

A recent surge in malicious activity involving North Korean-linked threat groups has been identified by cybersecurity researchers, revealing a coordinated campaign targeting the npm ecosystem. The ...

Threat actors are abusing legitimate NPM infrastructure in a new phishing campaign that breaks from the typical supply chain attack pattern.

Security analysts have uncovered a large-scale phishing operation utilising 175 npm packages as infrastructure to redirect victims to credential-harvesting sites. The packages, collectively downloaded ...

A new cyberattack has put millions of crypto users on alert after hackers slipped malicious code into NPM, the software registry that powers thousands of apps and websites, including many tied to ...

A new supply-chain attack compromised at least 187 npm packages, targeting developer secrets across software projects Shai-Hulud worm looks to steal credentials, modify packages, and spread malware ...

ISLAMABAD: A critical supply chain compromise has been disclosed in the npm JavaScript ecosystem, exposing enterprises worldwide to risks of cryptocurrency theft, credential leakage and unauthorized ...

Popular configuration packages for integrating Prettier with ESLint, the widely used code formatting tools within JavaScript and TypeScript projects, were hijacked after a maintainer fell victim to a ...

Application testing company Checkmarx has warned developers to be on the lookout for malicious NPM packages, after discovering a new attack that employs typosquatting to impersonate two popular ...