npm

May 17, 2025

Sophisticated NPM Attack Leverages Google Calendar2 for Advanced Communication

A startling discovery in the npm ecosystem has revealed a highly sophisticated malware campaign embedded within the seemingly innocuous package…
Read More »
April 4, 2025

Vite Development Server Flaw Allows Attackers Bypass Path Restrictions

A critical security vulnerability, CVE-2025-31125, has been identified in the Vite development server. Due to improper path verification during URL request…
Read More »
December 28, 2024

New ‘OtterCookie’ Malware Attacking Software Developers Via Fake Job Offers

Palo Alto Networks reported the Contagious Interview campaign in November 2023, a financially motivated attack targeting various organizations, unlike typical…
Read More »
December 24, 2024

Node.js systeminformation Package Vulnerability Exposes Millions of Systems to RCE Attacks

A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing millions of systems to potential remote…
Read More »
December 23, 2024

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer through malicious packages disguised as legitimate…
Read More »
December 4, 2024

Researchers Uncover Backdoor in Solana’s Popular Web3.js npm Library

Cybersecurity researchers are alerting to a software supply chain attack targeting the popular @solana/web3.js npm library that involved pushing two…
Read More »
November 28, 2024

XMLRPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner

Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm…
Read More »
November 5, 2024

Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages

An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to…
Read More »
October 31, 2024

LottieFiles Issues Warning About Compromised “lottie-player” npm Package

LottieFiles has revealed that its npm package “lottie-player” was compromised as part of a supply chain attack, prompting it to…
Read More »
October 28, 2024

BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers

Three malicious packages published to the npm registry in September 2024 have been found to contain a known malware called…
Read More »