News

A hacking campaign is spreading malicious reconnaissance scripts already downloaded more than 3,000 times from the JavaScript ...
Researchers have found malicious software that received more than 6,000 downloads from the NPM repository over a two-year ...
NPM index that attempt to collect sensitive host and network data and send it to a Discord webhook controlled by the threat ...
Security experts at Socket’s Threat Research team, have discovered a campaign in the NPM ecosystem, which includes Malicious ...
The npm registry is once again in the spotlight, this time battling a malware campaign using malicious packages to map ...
A malicious package in the Node Package Manager index uses invisible Unicode characters to hide malicious code and Google ...
A potential privilege escalation flaw affecting Google Cloud Platform (GCP) Cloud Functions and its Cloud Build service has ...
An ongoing attack is uploading hundreds of malicious packages to the open source node package manager (NPM) repository in an attempt to infect the devices of developers who rely on code libraries ...
Supply chain attack compromises the popular rand-user-agent scraping NPM package to deploy and activate a backdoor.
Many versions of the Ripple ledger (XRPL) official NPM package are compromised with malware injected to steal cryptocurrency.… The NPM package, xrpl, is a JavaScript/TypeScript library that devs ...