North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT ...
The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ‘the JavaScript ecosystem deserves better.’ Javascript developers should ...
Cybersecurity researchers have uncovered three malicious Bitcoin npm packages designed to install malware called NodeCordRAT. NodeCordRAT is equipped to steal Google Chrome credentials, API tokens ...
The Dune-inspired Shai Hulud has returned in a weaponized upgrade, unleashing an automated supply chain worm that's infected over 25,000 npm repositories, tied to hundreds of maintainers. See Also: ...
A major NPM supply-chain attack has compromised ENS-linked libraries and 490 packages with 132 million monthly downloads, deploying malware that steals developer credentials across crypto platforms. A ...
Security researchers have uncovered another large-scale, coordinated attack on the npm ecosystem, using worm-like techniques to spread spam packages. Dubbed “IndonesianFoods” due to the unique naming ...
The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious artifacts under GitHub’s own name. A ...
Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection. The finding, ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results