15 articles tagged with "Npm"
Leaked Shai-Hulud malware source code fuels new npm supply chain attack. Four malicious packages steal credentials and deploy DDoS bot with TCP/UDP flood capabilities.
Attackers seized control of node-ipc by re-registering the maintainer's expired email domain. Three malicious versions now harvest AWS, GCP, Azure keys and more.
TeamPCP compromised 84 versions across 42 TanStack packages on May 11 using GitHub Actions cache poisoning. The malware steals CI/CD credentials and includes a wiper that triggers on token revocation.
Four official SAP CAP ecosystem packages compromised on April 29, harvesting developer credentials, cloud secrets, and CI/CD tokens through malicious preinstall scripts.
A malicious npm package hijacked Bitwarden CLI's publishing pipeline on April 22, harvesting credentials from 334 developers. Here's what happened.
Critical code injection vulnerability (GHSA-xq3m-2v4x-88gg, CVSS 9.9) in protobuf.js allows arbitrary JavaScript execution via malicious schemas. Patch now.
Contagious Interview campaign escalates with trojanized developer tools across five ecosystems. Packages impersonate logging utilities and steal credentials.
Coordinated npm supply chain attack deploys 36 malicious packages masquerading as Strapi CMS plugins. Attackers target cryptocurrency platforms with Redis exploitation, credential harvesting, and persistent backdoors.
Attackers compromised the Axios npm package to deploy a cross-platform RAT targeting Windows, macOS, and Linux. Here's what happened and what you need to do.
TeamPCP threat actors hijacked Aqua Security's Trivy vulnerability scanner, compromising 75 GitHub Action tags and spreading credential-stealing malware to 47 npm packages via blockchain C2.
GlassWorm campaign expands across Open VSX, npm, and GitHub with invisible Unicode payloads and Solana-based C2. Developers urged to audit dependencies immediately.
Security researchers uncover 26 malicious npm packages using steganography to hide command infrastructure in computer science essays. Famous Chollima cluster targets developers with RAT.
North Korea's Lazarus Group targets blockchain developers with fake recruitment campaign distributing RAT malware through 36 poisoned npm and PyPI packages.
CVE-2025-68428 enables path traversal in the popular JavaScript PDF library, allowing attackers to read arbitrary files from Node.js servers and exfiltrate them via generated documents.
Supply chain attack disguised as working WhatsApp API library stole credentials, messages, and linked attacker devices to victim accounts. 56,000+ downloads since May.