Popular JavaScript libraries were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft. The attacker(s) used stolen ...

In a newly discovered supply chain attack, attackers last week targeted a range of npm-hosted JavaScript type testing utilities, several of which were successfully compromised to distribute malware.

North Korean hackers intensify their efforts against blockchain and Web3 developers, using nearly 200 malicious npm packages ...

Ten typosquatted npm packages delivered infostealing malware to nearly 10,000 systems Malware targeted system keyrings, bypassing app-level security to steal decrypted credentials Affected users must ...

Security researchers from Reversing Labs find two malicious packages on npm These serve as downloaders and target software developers building on the Ethereum blockchain The malware opens a reverse ...

Shai-Hulud is the worst-ever npm JavaScript attack. This software supply chain worm attack is still ongoing. Here are some ways you can prevent such attacks. For those of you who aren't Dune fans, ...

A recent surge in malicious activity involving North Korean-linked threat groups has been identified by cybersecurity researchers, revealing a coordinated campaign targeting the npm ecosystem. The ...

17 NPM packages with more than a million weekly downloads were compromised to deliver a RAT The attack could turn into a major supply chain attack, experts warned The packages were since deprecated, ...

The popular npm package "is" was infected with cross-platform malware, around the same time that linting utility packages used with the prettier code formatter were infected with Windows-only malware.

Seven packages published on the Node Package Manager (npm) registry use the Adspect cloud-based service to separate researchers from potential victims and lead them to malicious locations. The purpose ...