A malware campaign presents fake websites that can check if a visitor is a victim or a researcher, and then proceed accordingly to defraud or evade ...
Cybersecurity researchers have revealed a set of seven npm packages published by a single threat actor. These packages use a ...
A new malware campaign has been observed built on seven npm packages and using cloaking techniques and fake CAPTCHAs, ...
Cybersecurity researchers have discovered a set of seven npm packages published by a single threat actor that leverages a ...
Seven packages published on the Node Package Manager (npm) registry use the Adspect cloud-based service to separate ...
A self-replicating attack led to a tidal wave of malicious packages in the NPM registry, targeting tokens for the tea.xyz ...
The Register on MSN
Crims poison 150K+ npm packages with token-farming malware
Amazon spilled the TEA Yet another supply chain attack has hit the npm registry in what Amazon describes as "one of the ...
Goal is to steal Tea tokens by inflating package downloads, possibly for profit when the system can be monetized.
A year of escalating social-engineering attacks has produced one of the most efficient infection chains observed to date. Known as ClickFix, this method requires only that ...
“After GlassWorm showed how quickly a malicious package could self-replicate across npm, and the chalk/debug hijacking ...
A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback