Bleeping Computer

Popular node-ipc npm package compromised to steal credentials

Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. The node-ipc ...
Bleeping Computer

NodeJS module downloaded 7M times lets hackers inject code

A Node.js module downloaded millions of times has a security flaw that can enable attackers to perform a denial-of-service (DoS) attack on a server or get full-fledged remote shell access. The ...