Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to ...
First steps were taken a few days ago, and more are to follow. Users and developers in the NPM ecosystem must act in the ...
Researchers expose Discord webhook C2 in npm, PyPI, RubyGems; North Korean actors published 338 malicious npm packages with ...
Once a dominant category, cryptominers accounted for just 4% of malicious packages in Q3, down from 6% last quarter. This decline reflects the commoditization of simple malware — attackers no longer ...
Threat actors are abusing legitimate NPM infrastructure in a new phishing campaign that breaks from the typical supply chain attack pattern.
The Register on MSN
One line of malicious npm code led to massive Postmark email heist
A fake npm package posing as Postmark's MCP (Model Context Protocol) server silently stole potentially thousands of emails a day by adding a single line of code that secretly copied outgoing messages ...
CERT-In has issued a high-severity warning over a major npm ecosystem compromise named ‘Shai-Hulud,’ targeting credentials linked to Google Cloud, AWS, Microsoft Azure, and developer accounts.
Arabian Post on MSN
North Korea’s “Contagious Interview” Campaign Surges in npm Attack Waves
The Socket Threat Research Team disclosed that attackers uploaded 338 malicious npm modules, collectively downloaded over ...
Sonatype, an AI-centric DevSecOps firm, has released the Open Source Malware Index for Q3 2025, revealing a total of 34,319 new open source malware packages identified across major registries such as ...
North Korean hackers used fake recruiter lures and npm packages to target crypto developers in a large-scale supply-chain attack.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback