npm

Malicious packages in the NPM designed for highly-targeted attacks

Researchers discovered a new set of malicious packages on the npm package manager that can…

NPM packages found containing the TurkoRat infostealer

Experts discovered two malicious packages in the npm package repository, both were laced with an…

Large-scale cryptomining campaign is targeting the NPM JavaScript package repository

Researchers uncovered a large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. Checkmarx researchers…

Malicious NPM packages used to grab data from apps, websites

Researchers from ReversingLabs discovered tens of malicious NPM packages stealing data from apps and web…

Tens of malicious NPM packages caught hijacking Discord servers

Researches from cybersecurity firm JFrog found 17 malicious packages on the NPM package repository hijacking…

GitHub addressed two major vulnerabilities in the NPM package manager

Maintainers of the npm package manager for the JavaScript programming language disclosed multiple flaws that were recently addressed.…

Supply-chain attack on NPM Package UAParser, which has millions of daily downloads

The U.S. CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which…

Popular NPM package Pac-Resolver affected by a critical flaw

Experts found a critical flaw, tracked as CVE-2021-23406, in the popular NPM package 'Pac-Resolver' that has…

Malicious npm packages spotted delivering njRAT Trojan

npm security staff removed two packages that contained malicious code to install the njRAT remote…

Massive threat campaign strikes open-source repos, Sonatype spots new CursedGrabber malware

Sonatype’s deep dive research allowed to identify a new family of Discord malware called CursedGrabber.…

This website uses cookies.