Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Connect all your configuration files and autogenerate code—Jsonnet is the missing piece for large code bases.
June 19, 2026 update: Microsoft assesses with high confidence that this activity is attributable to Sapphire Sleet, a North Korean state actor that primarily targets the financial sector. The ...
Python developer Roman Imankulov nearly took the bait. The fact that he didn't can be chalked up to human intuition and AI code vetting. A person claiming to be a recruiter from a small crypto startup ...
A npm supply chain attack named Miasma compromised 32 official packages under Red Hat's @redhat-cloud-services namespace on June 1, 2026, injecting a self-propagating credential-stealing worm that ...
Microsoft Threat Intelligence has uncovered an active supply chain attack involving malicious npm packages registered under organizational scopes that mirror real internal corporate namespaces, ...
A single npm user on Thursday published 14 malicious packages within a four-hour window, all mimicking popular OpenSearch, Elasticsearch, DevOps, and environment-configuration libraries, according to ...
The Mini Shai-Hulud worm compromised 323 npm packages through the hijacked “atool” account on May 19, publishing 639 malicious versions. Affected packages include echarts-for-react (1.1M weekly ...
The post PhantomRaven Wave 5: New Undocumented NPM Supply Chain Campaign Targets DeFi, Cloud, and AI Developers appeared first on Mend. Mend’s security research team has identified a previously ...
In the wake of a critical supply chain attack targeting the widely used Axios JavaScript library, like leading analyst from NST Cyber pointed out, Many CXOs community chief information security ...
Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL ...