News

The Hacker News3d
PyPI, npm, and AI Tools Exploited in Malware Surge Targeting DevOps and Cloud Environments
Malware-laced PyPI and npm packages steal developer credentials, CI/CD data, and crypto wallets. Attacks target macOS, AI ...
Popular NPM packages with over a million downloads hit by malware
NPM packages with more than a million weekly downloads were compromised to deliver a RAT The attack could turn into a major ...
Malware found in NPM packages with 1 million weekly downloads
A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were ...
InfoQ1d
Deno 2.3 Now Supports Local NPM Packages
Deno Land recently released Deno 2.3, an update of the Deno runtime that adds support for local NPM packages. Deno 2.3 also ...
SecurityWeek10d
Malicious NPM Packages Disguised as Express Utilities Allow Attackers to Wipe Systems
Two malicious NPM packages contain code that would delete production systems when triggered with the right credentials.
Malicious npm packages posing as utilities delete project directories
Two malicious packages have been discovered in the npm JavaScript package index, which masquerades as useful utilities but, ...
CSO Online9d
New npm threats can erase production systems with a single request
The packages carry backdoors that first collect environment information and then delete entire application directories.
Developer Tech10d
Veracode unravels 12-layer npm attack to find RAT
Security researchers at Veracode stumbled upon two seemingly harmless software packages on the npm repository.