Researchers uncovered 27 malicious npm packages used over five months to host phishing pages that steal credentials from ...
Node Package Manager (NPM) is installed on your Windows computer once you install Node.js. It is a package manager for modules of Node.js, and it’s ready to run on your Windows PC. In this article, we ...
New malicious NPM packages have been discovered that install the njRAT remote access trojan that allows hackers to gain control over a computer. NPM is a JavaScript package manager that allows ...
A new supply-chain attack compromised at least 187 npm packages, targeting developer secrets across software projects Shai-Hulud worm looks to steal credentials, modify packages, and spread malware ...
Over 43,000 dormant spam packages flooded npm in a coordinated two-year campaign Some packages contained worm-like scripts that auto-generated and published new entries Attackers may have faked TEA ...
A new Shai-Hulud npm strain and a fake Jackson Maven package show how attackers abuse trusted dependencies to steal secrets ...
Security researchers discovered a fake WhatsApp API package on npm that steals developer credentials, raising fresh alarms ...
Researchers continue to investigate a wave of malicious npm packages, with the published tally now reaching over 700. Last week, JFrog researchers disclosed the scheme in which an unknown threat actor ...
Malicious code continues to be uploaded to open source repositories, making it a challenge for responsible developers to trust what’s there, and for CISOs to trust applications that include open ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback