A threat actor has published tens of thousands of malicious NPM packages that contain a self-replicating worm, security ...
Yet another supply chain attack has hit the npm registry in what Amazon describes as "one of the largest package flooding ...
Cybersecurity researchers have discovered a set of seven npm packages published by a single threat actor that leverages a ...
More than 150,000 malicious packages were published in the NPM registry as part of a recently uncovered spam campaign, Amazon ...
Seven packages published on the Node Package Manager (npm) registry use the Adspect cloud-based service to separate ...
The coordinated campaign has so far published as many as 46,484 packages, according to SourceCodeRED security researcher Paul ...
“After GlassWorm showed how quickly a malicious package could self-replicate across npm, and the chalk/debug hijacking ...
PhantomRaven slipped over a hundred credential-stealing packages into npm A new supply chain attack dubbed PhantomRaven has flooded the npm registry with malicious packages that steal credentials, ...
The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases. A series of malicious packages in the Node.js package manager (npm) code ...
A hacker has gained access to a developer's npm account and injected malicious code into a popular JavaScript library, code that was designed to steal the npm credentials of users who utilize the ...