News
New malware campaign uses typo-squatting and fake developer packages to spread threats across Windows and Linux.
All malicious npm packages carried identical payloads for snooping sensitive network information from developers’ systems.
Socket's threat researchers have uncovered a package lurking in npm for six years that awaits a remote command to wipe ...
Cybersecurity researchers Socket have warned of multiple malicious packages hosted on NPM, stealing sensitive user data and ...
VS Code extensions deployed sandbox-evasive malware to steal system data, developer credentials, and crypto wallets.
The npm registry is once again in the spotlight, this time battling a malware campaign using malicious packages to map ...
The risks associated with leveraging open source libraries, and the review needed, are increasing. In the first half of 2025, ...
Security firm Socket warns flags a campaign targeting NPM users with tens of malicious packages that can hijack system information.
Security experts at Socket’s Threat Research team, have discovered a campaign in the NPM ecosystem, which includes Malicious ...
Results that may be inaccessible to you are currently showing.
Hide inaccessible results