Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
How-To Geek on MSN
I stopped maintaining 30 JSON files by hand with this one tool
Connect all your configuration files and autogenerate code—Jsonnet is the missing piece for large code bases.
From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet
June 19, 2026 update: Microsoft assesses with high confidence that this activity is attributable to Sapphire Sleet, a North Korean state actor that primarily targets the financial sector. The ...
Python developer Roman Imankulov nearly took the bait. The fact that he didn't can be chalked up to human intuition and AI code vetting. A person claiming to be a recruiter from a small crypto startup ...
A npm supply chain attack named Miasma compromised 32 official packages under Red Hat's @redhat-cloud-services namespace on June 1, 2026, injecting a self-propagating credential-stealing worm that ...
Microsoft Threat Intelligence has uncovered an active supply chain attack involving malicious npm packages registered under organizational scopes that mirror real internal corporate namespaces, ...
A single npm user on Thursday published 14 malicious packages within a four-hour window, all mimicking popular OpenSearch, Elasticsearch, DevOps, and environment-configuration libraries, according to ...
The Mini Shai-Hulud worm compromised 323 npm packages through the hijacked “atool” account on May 19, publishing 639 malicious versions. Affected packages include echarts-for-react (1.1M weekly ...
The post PhantomRaven Wave 5: New Undocumented NPM Supply Chain Campaign Targets DeFi, Cloud, and AI Developers appeared first on Mend. Mend’s security research team has identified a previously ...
In the wake of a critical supply chain attack targeting the widely used Axios JavaScript library, like leading analyst from NST Cyber pointed out, Many CXOs community chief information security ...
Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results