ZDNet

Malicious npm packages caught installing remote access trojans

The security team behind the "npm" repository for JavaScript libraries removed two npm packages this Monday for containing malicious code that installed a remote access trojan (RAT) on the computers ...
Bleeping Computer

Malicious NPM packages used to install njRAT remote access trojan

New malicious NPM packages have been discovered that install the njRAT remote access trojan that allows hackers to gain control over a computer. NPM is a JavaScript package manager that allows ...
Hackaday

This Week In Security: The Shai-Hulud Worm, ShadowLeak, And Inside The Great Firewall

Hardly a week goes by that there isn’t a story to cover about malware getting published to a repository. Last week it was ...
The Hacker News

GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security

GitHub enforces FIDO 2FA and seven-day token limits after Shai-Hulud npm attack to boost supply chain security.
InfoWorld

GitHub bolsters NPM access control

New granular access tokens allow NPM package maintainers to restrict which packages, scopes, and organizations a token has access to. Looking to improve the safety and security of NPM JavaScript ...

How to stay safe if you’re using MetaMask, Phantom, Trust or any crypto wallet from NPM attack

Note: If you’re using MetaMask, Phantom, Trust Wallet, or any crypto app, the advice is simple, take your time, check every ...
MediaNama

Why CERT-In Is Warning Startups and IT Companies About Dune-Inspired Malware ‘Shai-Hulud’

CERT-In has issued an advisory warning of Shai-Hulud malware that targets JavaScript’s Node Package Manager (npm) ecosystem ...

How GitHub Is Securing the Software Supply Chain

In light of recent cyberattacks and growing security concerns, GitHub is taking immediate and direct action to secure the ...