Malicious npm package mimics an ESLint plugin, embeds an AI-tricking prompt, and steals environment variables via a ...
North Korean hackers intensify their efforts against blockchain and Web3 developers, using nearly 200 malicious npm packages ...
A package called “aabquerys” has been spotted on the open-source JavaScript npm repository using typosquatting techniques to enable the download of malicious components. The findings come from ...
A major JavaScript supply-chain attack has compromised hundreds of software packages — including at least 10 used widely across the crypto ecosystem — according to new research from cybersecurity firm ...
A new campaign involving 19 malicious Visual Studio Code extensions used a legitimate npm package to embed malware in ...
The latest attack from the self-replicating npm-package poisoning worm can also steal credentials and secrets from AWS, ...
A spate of supply chain attacks forces GitHub’s npm to revoke ‘classic’ tokens. Despite this, larger worries about developer ...
Researchers have identified yet another malicious use for JavaScript packages hosted on the npm registry: hosting files required by automated phishing kits or slipping phishing pages into applications ...
Researchers have discovered a supply chain attack that uses packages hosted on the Node Package Manager, the manager for the Node.js JavaScript platform. Detailed today by Reverse Engineer Karlo Zanki ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback