News

The Hacker News2d
Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems
Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram ...
How to configure MCP server on Windows 11 using Claude?
If you want to configure MCP server on Windows 11/`0 using Claude, get GitHub token, install Claude desktop, and follow the ...
Developer Tech6d
Masquerading payment npm package installs backdoor
Cybersecurity researchers at Socket have uncovered a malicious npm package that hijacks server control during payment ...
DataBreachToday15d
Lazarus Expands NPM Campaign With Trojan Loaders
North Korea's Lazarus Group expanded a malicious campaign of uploading malicious code to the JavaScript runtime environment ...
Bleeping Computer27d
New npm attack poisons local packages with backdoors
is based on the popular 'ssh2' npm package but with a modified 'install.js' script that downloads a second-stage payload from an external source, which is executed and then deleted when finished ...
Bleeping Computer25d
Infostealer campaign compromises 10 npm packages, targets devs
Ten npm packages were suddenly updated with malicious ... and is found in two heavily obfuscated scripts, "/scripts/launch.js" and "/scripts/diagnostic-report.js," which execute upon the package ...