News
In the npm ecosystem, postinstall scripts are often overlooked attack vectors—they run automatically after a package is ...
The Register on MSN · 6h
Rampant emoji use suggests crypto-stealing NPM package was written by AI
Kodane code was either machine-generated or done by a teenager. An NPM package packed with cryptocurrency-stealing malware ...
Stylus library and replaced them with a "security holding" page, breaking pipelines and builds worldwide that rely on the ...
The popular NPM package 'is' has been compromised in a supply chain attack that injected backdoor malware, giving attackers ...
The Register on MSN · 8d
Not pretty, not Windows-only: npm phishing attack laces popular packages with malware
The "is" package was infected with cross-platform malware after a scam targeting maintainers. The popular npm package "is" was ...
It has been a busy week for supply-chain attacks targeting open source software available in public repositories, with ...
In a newly discovered supply chain attack, attackers last week targeted a range of npm-hosted JavaScript type testing ...
npm packages hit by phishing-based supply chain attack, exposing developers to malware and remote access threats.
Several popular npm packages with millions of weekly downloads were targeted, and one used as a launchpad for malware deployment, when its maintainer fell prey to a phishing attack. JounQin is a ...
Experts have warned that ‘is’, an npm package with more than 2.8 million weekly downloads, was also compromised in the same manner, and served malware for roughly six hours.
DLL-based malware targets Windows users after a phishing campaign tricked the maintainer into leaking a token.