npm

The popular xrpl.js Ripple cryptocurrency library was compromised in a supply chain attackThe popular xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack

The popular xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack

The xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack aimed at stealing users' private keys. Threat actors…

4 weeks ago
Malicious npm packages target Ethereum developers<gwmw style="display:none;"></gwmw>Malicious npm packages target Ethereum developers<gwmw style="display:none;"></gwmw>

Malicious npm packages target Ethereum developers<gwmw style="display:none;"></gwmw>

Malicious npm packages target Ethereum developers, impersonating Hardhat plugins to steal private keys and sensitive data. Hardhat, by the Nomic Foundation,…

4 months ago
A supply chain attack on crypto hardware wallet Ledger led to the theft of $600KA supply chain attack on crypto hardware wallet Ledger led to the theft of $600K

A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K

A supply chain attack against Crypto hardware wallet maker Ledger resulted in the theft of $600,000 in virtual assets. Threat actors…

1 year ago
Malicious packages in the NPM designed for highly-targeted attacksMalicious packages in the NPM designed for highly-targeted attacks

Malicious packages in the NPM designed for highly-targeted attacks

Researchers discovered a new set of malicious packages on the npm package manager that can exfiltrate sensitive developer data. On…

2 years ago
NPM packages found containing the TurkoRat infostealerNPM packages found containing the TurkoRat infostealer

NPM packages found containing the TurkoRat infostealer

Experts discovered two malicious packages in the npm package repository, both were laced with an open-source info-stealer called TurkoRat. ReversingLabs discovered…

2 years ago
Large-scale cryptomining campaign is targeting the NPM JavaScript package repositoryLarge-scale cryptomining campaign is targeting the NPM JavaScript package repository

Large-scale cryptomining campaign is targeting the NPM JavaScript package repository

Researchers uncovered a large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. Checkmarx researchers spotted a new large-scale cryptocurrency…

3 years ago
Malicious NPM packages used to grab data from apps, websitesMalicious NPM packages used to grab data from apps, websites

Malicious NPM packages used to grab data from apps, websites

Researchers from ReversingLabs discovered tens of malicious NPM packages stealing data from apps and web forms. Researchers from ReversingLabs discovered…

3 years ago
Tens of malicious NPM packages caught hijacking Discord serversTens of malicious NPM packages caught hijacking Discord servers

Tens of malicious NPM packages caught hijacking Discord servers

Researches from cybersecurity firm JFrog found 17 malicious packages on the NPM package repository hijacking Discord servers. JFrog researchers have…

3 years ago
GitHub addressed two major vulnerabilities in the NPM package managerGitHub addressed two major vulnerabilities in the NPM package manager

GitHub addressed two major vulnerabilities in the NPM package manager

Maintainers of the npm package manager for the JavaScript programming language disclosed multiple flaws that were recently addressed. GitHub disclosed two major vulnerabilities…

4 years ago
Supply-chain attack on NPM Package UAParser, which has millions of daily downloadsSupply-chain attack on NPM Package UAParser, which has millions of daily downloads

Supply-chain attack on NPM Package UAParser, which has millions of daily downloads

The U.S. CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads.…

4 years ago