Seven packages published on the Node Package Manager (npm) registry use the Adspect cloud-based service to separate ...

The coordinated campaign has so far published as many as 46,484 packages, according to SourceCodeRED security researcher Paul ...

Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate " ...

The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...

A self-replicating attack led to a tidal wave of malicious packages in the NPM registry, targeting tokens for the tea.xyz ...

A threat actor has published tens of thousands of malicious NPM packages that contain a self-replicating worm, security ...

An auto-spamming payload published on npm spams the registry by spawning new packages every seven seconds, creating large ...

“After GlassWorm showed how quickly a malicious package could self-replicate across npm, and the chalk/debug hijacking ...

Amazon spilled the TEA Yet another supply chain attack has hit the npm registry in what Amazon describes as "one of the ...

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser ...

More than 150,000 malicious packages were published in the NPM registry as part of a recently uncovered spam campaign, Amazon ...

Cybersecurity researchers Endor Labs discovered more than 43,000 spam packages which took almost two years to upload in a ...