Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate " ...
For the past four months, over 130 malicious NPM packages deploying information stealers have been collectively downloaded ...
Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection.
The ongoing ‘PhantomRaven’ malicious campaign has infected 126 npm packages to date, representing 86,000 downloads ...
Ten typosquatted npm packages (Jul 4, 2025) delivered a 24MB PyInstaller info stealer using 4 obfuscation layers; ~9,900 ...
Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component ...
A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be ...
Recently, security researchers Socket found 10 packages on npm targeting software developers, specifically those who use the ...
Software supply chain security firm JFrog has disclosed the details of a critical vulnerability affecting a popular React ...
Having another security threat emanating from Node.js’ Node Package Manager (NPM) feels like a weekly event at this point, ...
The Register on MSN
Invisible npm malware pulls a disappearing act – then nicks your tokens
PhantomRaven slipped over a hundred credential-stealing packages into npm A new supply chain attack dubbed PhantomRaven has ...
Cryptopolitan on MSN
Malicious VS Code extensions resurface, stealing GitHub credentials and crypto wallets
Developers will have to contend with a dormant turned active malicious code on Visual Studio Code (VS Code) extensions, which ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback