Researchers at Zscaler ThreatLabz have found three malicious Bitcoin npm packages that are meant to implant malware named NodeCordRAT. Reports say that they all got more than 3,400 downloads before ...

A new report out today from managed detection and response company Expel Inc. details a newly identified variant of the Shai Hulud malware that is demonstrating how software supply chain attacks are ...

A new supply chain attack dubbed PhantomRaven has flooded the npm registry with malicious packages that steal credentials, tokens, and secrets during installation. The packages appear safe when first ...

The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM (Node Package Manager) registry and publishing stolen data in 30,000 GitHub ...

The popular NPM package 'is' has been compromised in a supply chain attack that injected backdoor malware, giving attackers full access to compromised devices. This occurred after maintainer accounts ...

A new malware campaign built around seven npm packages has been uncovered by cybersecurity experts. The campaign, observed by the Socket Threat Research Team, is operated by a threat actor known as ...

Researchers discovered malicious npm packages posing as n8n integrations, exfiltrating OAuth tokens and API keys from ...

Malware Injected Into Code Packages That Get 2 Billion+ Downloads Each Week Your email has been sent An attack targeting the Node.js ecosystem was just identified ...

Ethereum smart contracts used to hide URL to secondary malware payloads in an attack chain triggered by a malicious GitHub repo. Attackers behind a recent supply chain attack that involved rogue ...

Attackers have poisoned a code package on the npm registry in a novel way, hiding credential-stealing malware in steganographic QR codes embedded in a package purporting to offer a JavaScript utility.

The breach hit core JavaScript libraries such as chalk and strip-ansi, downloaded billions of times each week, raising alarms over the security of open-source software. Hackers have compromised widely ...