Researchers expose Discord webhook C2 in npm, PyPI, RubyGems; North Korean actors published 338 malicious npm packages with ...
First steps were taken a few days ago, and more are to follow. Users and developers in the NPM ecosystem must act in the ...
Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to ...
Threat actors are abusing legitimate NPM infrastructure in a new phishing campaign that breaks from the typical supply chain attack pattern.
CERT-In has issued a high-severity warning over a major npm ecosystem compromise named ‘Shai-Hulud,’ targeting credentials linked to Google Cloud, AWS, Microsoft Azure, and developer accounts.
The Register on MSN
One line of malicious npm code led to massive Postmark email heist
A fake npm package posing as Postmark's MCP (Model Context Protocol) server silently stole potentially thousands of emails a day by adding a single line of code that secretly copied outgoing messages ...
Arabian Post on MSN
North Korea’s “Contagious Interview” Campaign Surges in npm Attack Waves
The Socket Threat Research Team disclosed that attackers uploaded 338 malicious npm modules, collectively downloaded over ...
Sonatype, an AI-centric DevSecOps firm, has released the Open Source Malware Index for Q3 2025, revealing a total of 34,319 new open source malware packages identified across major registries such as ...
North Korean hackers used fake recruiter lures and npm packages to target crypto developers in a large-scale supply-chain ...
If you needed another reminder that our software supply chains are only as strong as their smallest link, the JavaScript ecosystem delivered it. In early September, attackers phished the NPM account ...