Researchers discovered malicious npm packages posing as n8n integrations, exfiltrating OAuth tokens and API keys from ...
When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Malicious NPM package lotusbail hijacks WhatsApp accounts, stealing tokens, messages, and ...
A stealthy campaign with 19 extensions on the VSCode Marketplace has been active since February, targeting developers with malware hidden inside dependency folders. The malicious activity was ...
What Happened in the Shai Hulud JavaScript Attack? A major JavaScript supply-chain attack has compromised more than 400 NPM packages — including at least 10 widely used across the crypto ecosystem — ...
Amazon researchers discovered more than 150,000 malicious packages in the NPM registry, in what they called "a defining moment in supply chain security." The packages were part of a token farming ...
The spam campaign is likely orchestrated by an Indonesian threat actor, based on code comments and the packages’ random names. A threat actor has published tens of thousands of malicious NPM packages ...
Malicious code continues to be uploaded to open source repositories, making it a challenge for responsible developers to trust what’s there, and for CISOs to trust applications that include open ...
Threat actors are finding new ways to insert invisible code or links into open source code to evade detection of software supply chain attacks. The latest example was found by researchers at ...
Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection. The finding, ...
A new cyber threat, the "Shai-Hulud" worm, has compromised the Node Package Manager (npm) ecosystem, which is widely used by organizations for JavaScript development. This attack has resulted in ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback