An NPM supply-chain attack dating back to December 2021 used dozens of malicious NPM modules containing obfuscated JavaScript code to compromise hundreds of downstream desktop apps and websites. As ...
17 NPM packages with more than a million weekly downloads were compromised to deliver a RAT. The attack could turn into a major supply chain attack, experts warned. The packages were since deprecated, ...
Over 43,000 dormant spam packages flooded npm in a coordinated two-year campaign. Some packages contained worm-like scripts that auto-generated and published new entries. Attackers may have faked TEA ...
More popular npm packages hijacked to spread malware
An npm package maintainer has fallen victim to a phishing attack. The attackers accessed packages and updated them to carry malware. Most antivirus programs are still not properly flagging the malicious ...
A new Shai-Hulud npm strain and a fake Jackson Maven package show how attackers abuse trusted dependencies to steal secrets ...
Having another security threat emanating from Node.js’ Node Package Manager (NPM) feels like a weekly event at this point, but this newly discovered one is among the more refined. It exploits not only ...
Security researchers spotted 67 malicious packages on npm. The packages are part of the Contagious Interview campaign. They are most likely deployed by North Korean attackers. North Korean hackers have ...
An ongoing npm credential harvesting campaign operating since August 2025 has been discovered by researchers at Koi Security. The malware, dubbed PhantomRaven by the researchers, is actively stealing ...