20 articles tagged with "Npm"
Malicious codexui-android npm package stole OpenAI refresh tokens from 29K developers. Mobile apps with 60K installs also compromised—revoke credentials now.
32+ Red Hat Cloud Services npm packages compromised with Mini Shai-Hulud credential-stealing malware. 80K weekly downloads affected—here's what developers need to know.
A fake Sicoob SDK on NuGet exfiltrated PFX certificates and banking credentials from Brazilian developers, while 14 malicious npm packages harvested AWS keys, Vault tokens, and CI/CD secrets.
Daemon Tools, TanStack, and Nx Console all compromised via supply chain attacks. CVSS scores up to 9.5. CISA mandates federal remediation by June 10.
Malicious npm package mouse5212-super-formatter stole files from Claude AI's working directory. The attacker's own GitHub token was exposed in the code, allowing researchers to trace exfiltration.
Leaked Shai-Hulud malware source code fuels new npm supply chain attack. Four malicious packages steal credentials and deploy DDoS bot with TCP/UDP flood capabilities.
Attackers seized control of node-ipc by re-registering the maintainer's expired email domain. Three malicious versions now harvest AWS, GCP, Azure keys and more.
TeamPCP compromised 84 versions across 42 TanStack packages on May 11 using GitHub Actions cache poisoning. The malware steals CI/CD credentials and includes a wiper that triggers on token revocation.
Four official SAP CAP ecosystem packages compromised on April 29, harvesting developer credentials, cloud secrets, and CI/CD tokens through malicious preinstall scripts.
A malicious npm package hijacked Bitwarden CLI's publishing pipeline on April 22, harvesting credentials from 334 developers. Here's what happened.
Critical code injection vulnerability (GHSA-xq3m-2v4x-88gg, CVSS 9.9) in protobuf.js allows arbitrary JavaScript execution via malicious schemas. Patch now.
Contagious Interview campaign escalates with trojanized developer tools across five ecosystems. Packages impersonate logging utilities and steal credentials.
Coordinated npm supply chain attack deploys 36 malicious packages masquerading as Strapi CMS plugins. Attackers target cryptocurrency platforms with Redis exploitation, credential harvesting, and persistent backdoors.
Attackers compromised the Axios npm package to deploy a cross-platform RAT targeting Windows, macOS, and Linux. Here's what happened and what you need to do.
TeamPCP threat actors hijacked Aqua Security's Trivy vulnerability scanner, compromising 75 GitHub Action tags and spreading credential-stealing malware to 47 npm packages via blockchain C2.
GlassWorm campaign expands across Open VSX, npm, and GitHub with invisible Unicode payloads and Solana-based C2. Developers urged to audit dependencies immediately.
Security researchers uncover 26 malicious npm packages using steganography to hide command infrastructure in computer science essays. Famous Chollima cluster targets developers with RAT.
North Korea's Lazarus Group targets blockchain developers with fake recruitment campaign distributing RAT malware through 36 poisoned npm and PyPI packages.
CVE-2025-68428 enables path traversal in the popular JavaScript PDF library, allowing attackers to read arbitrary files from Node.js servers and exfiltrate them via generated documents.
Supply chain attack disguised as working WhatsApp API library stole credentials, messages, and linked attacker devices to victim accounts. 56,000+ downloads since May.