npm
Vite Development Server Flaw Allows Attackers Bypass Path Restrictions
A critical security vulnerability, CVE-2025-31125, has been identified in the Vite development server. Due to improper path verification during URL request…
New ‘OtterCookie’ Malware Attacking Software Developers Via Fake Job Offers
Palo Alto Networks reported the Contagious Interview campaign in November 2023, a financially motivated attack targeting various organizations, unlike typical…
Node.js systeminformation Package Vulnerability Exposes Millions of Systems to RCE Attacks
A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing millions of systems to potential remote…
Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware
Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer through malicious packages disguised as legitimate…
Researchers Uncover Backdoor in Solana’s Popular Web3.js npm Library
Cybersecurity researchers are alerting to a software supply chain attack targeting the popular @solana/web3.js npm library that involved pushing two…
XMLRPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner
Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm…
Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages
An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to…
LottieFiles Issues Warning About Compromised “lottie-player” npm Package
LottieFiles has revealed that its npm package “lottie-player” was compromised as part of a supply chain attack, prompting it to…
BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers
Three malicious packages published to the npm registry in September 2024 have been found to contain a known malware called…