TechRadar

Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here's what we know

Ten typosquatted npm packages delivered infostealing malware to nearly 10,000 systems Malware targeted system keyrings, bypassing app-level security to steal decrypted credentials Affected users must ...
Infosecurity-magazine.com

“IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages

Security researchers have uncovered another large-scale, coordinated attack on the npm ecosystem, using worm-like techniques to spread spam packages. Dubbed “IndonesianFoods” due to the unique naming ...
TechRadar

Popular NPM packages with over a million downloads hit by malware

17 NPM packages with more than a million weekly downloads were compromised to deliver a RAT The attack could turn into a major supply chain attack, experts warned The packages were since deprecated, ...
heise online

Infostealer for Windows, macOS and Linux found in ten packages on npm

Since the beginning of July, packages with well-hidden malicious code have been available in the JavaScript package manager npm. The company Socket, which specializes in software supply chain security ...
CSOonline

Hackers drop 60 npm bombs in less than two weeks to recon dev machines

Threat actors have likely made off with sensitive host and network information from developers’ systems in a coordinated malware campaign, involving 60 malicious npm packages, that were live for just ...