A dramatic spike in npm-focused intrusions shows how attackers have shifted from opportunistic typosquatting to systematic, credential-driven supply chain compromises — exploiting CI systems, ...
Researchers at Zscaler ThreatLabz have found three malicious Bitcoin npm packages that are meant to implant malware named ...
A jsPDF vulnerability tracked as CVE-2025-68428 could allow attackers to read arbitrary files, exposing configurations and ...
Security researchers found 3 npm packages that installed NodeCordRAT malware, stealing browser data, crypto wallet secrets & ...
A critical CVSS 9.2 flaw in AdonisJS bodyparser lets attackers write arbitrary files via path traversal when uploads are ...
What Happened in the Shai Hulud JavaScript Attack? A major JavaScript supply-chain attack has compromised more than 400 NPM packages — including at least 10 widely used across the crypto ecosystem — ...
An apparent "Dune" aficionado is responsible for perpetrating the first self-propagating attack on the npm JavaScript repository in what a security company has described as being one of the most ...
The supply chain attack through npm packages stole just $497 within the first hours, reaching only obscure meme tokens. The attack mostly affected MetaMask users, relying on luck to drain a larger ...
18 popular NPM packages with over 2 billion weekly downloads were compromised through a phishing attack targeting developer “Qix” The malware functioned as a “crypto-clipper,” silently replacing ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback