News

Popular NPM packages with over a million downloads hit by malware
NPM packages with more than a million weekly downloads were compromised to deliver a RAT The attack could turn into a major ...
InfoQ2d
Deno 2.3 Now Supports Local NPM Packages
Deno Land recently released Deno 2.3, an update of the Deno runtime that adds support for local NPM packages. Deno 2.3 also ...
Malware found in NPM packages with 1 million weekly downloads
A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were ...
The Hacker News3d
PyPI, npm, and AI Tools Exploited in Malware Surge Targeting DevOps and Cloud Environments
Malware-laced PyPI and npm packages steal developer credentials, CI/CD data, and crypto wallets. Attacks target macOS, AI ...
SecurityWeek11d
Malicious NPM Packages Disguised as Express Utilities Allow Attackers to Wipe Systems
Two malicious NPM packages contain code that would delete production systems when triggered with the right credentials.
Malicious npm packages posing as utilities delete project directories
Two malicious packages have been discovered in the npm JavaScript package index, which masquerades as useful utilities but, ...
CSO Online10d
New npm threats can erase production systems with a single request
The packages carry backdoors that first collect environment information and then delete entire application directories.