npm
-
Rogue npm Package Deploys Open-Source Rootkit in New Supply Chain Attack
A new deceptive package hidden within the npm package registry has been uncovered deploying an open-source rootkit called r77, marking…
Read More » -
Over 3 Dozen Data-Stealing Malicious npm Packages Found Targeting Developers
Nearly three dozen counterfeit packages have been discovered in the npm package repository that are designed to exfiltrate sensitive data…
Read More » -
GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions
A new malicious campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions with an…
Read More » -
Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys
Cybersecurity researchers have discovered a fresh batch of malicious packages in the npm package registry that are designed to exfiltrate…
Read More » -
Researchers Warn of Cyber Weapons Used by Lazarus Group’s Andariel Cluster
The North Korean threat actor known as Andariel has been observed employing an arsenal of malicious tools in its cyber…
Read More » -
North Korean Hackers Deploy New Malicious Python Packages in PyPI Repository
Three additional rogue Python packages have been discovered in the Package Index (PyPI) repository as part of an ongoing malicious…
Read More » -
Malicious npm Packages Aim to Target Developers for Source Code Theft
An unknown threat actor is leveraging malicious npm packages to target developers with an aim to steal source code and…
Read More » -
Developers Beware: Malicious Rust Libraries Caught Transmitting OS Info to Telegram Channel
In yet another sign that developers continue to be targets of software supply chain attacks, a number of malicious packages…
Read More » -
Over a Dozen Malicious npm Packages Target Roblox Game Developers
More than a dozen malicious packages have been discovered on the npm package repository since the start of August 2023…
Read More » -
North Korean Hackers Suspected in New Wave of Malicious npm Packages
The npm package registry has emerged as the target of yet another highly targeted attack campaign that aims to entice…
Read More »