News

Misspelled a site's name? Cybercriminals are exploiting this to infect your computer with malware - here's how to stay safe
New malware campaign uses typo-squatting and fake developer packages to spread threats across Windows and Linux.
CSO Online9d
Hackers drop 60 npm bombs in less than two weeks to recon dev machines
All malicious npm packages carried identical payloads for snooping sensitive network information from developers’ systems.
Developer Tech6d
Package lurking in npm for six years waits to destroy your work
Socket's threat researchers have uncovered a package lurking in npm for six years that awaits a remote command to wipe ...
NPM users warned dozens of malicious packages aim to steal host and network data
Cybersecurity researchers Socket have warned of multiple malicious packages hosted on NPM, stealing sensitive user data and ...
The Hacker News10d
Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto
VS Code extensions deployed sandbox-evasive malware to steal system data, developer credentials, and crypto wallets.
Developer Tech13d
60 malicious npm packages caught mapping developer networks
The npm registry is once again in the spotlight, this time battling a malware campaign using malicious packages to map ...
JD Supra1d
Threat actors increasingly introducing malicious code into open source packages
The risks associated with leveraging open source libraries, and the review needed, are increasing. In the first half of 2025, ...
SecurityWeek9d
Ongoing Campaign Uses 60 NPM Packages to Steal Data
Security firm Socket warns flags a campaign targeting NPM users with tens of malicious packages that can hijack system information.
Windows Report12d
Malicious NPM packages are stealing data and damaging systems
Security experts at Socket’s Threat Research team, have discovered a campaign in the NPM ecosystem, which includes Malicious ...