Malicious actors are now injecting malicious codes into legitimate projects to steal digital assets from unsuspecting users.

Researchers found malicious packages on the npm registry that, when installed, inject malicious code into legitimate npm packages already residing on developers’ machines. Attackers who target ...

Security researchers are warning that threat actors are using less noticeable techniques to compromise and steal funds from ...

Malicious npm package pdf-to-office trojanizes Atomic Wallet, Exodus apps to steal crypto funds, persisting after deletion.

Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers' systems. The campaign targeted multiple cryptocurrency ...

A new class of supply chain attacks named 'slopsquatting' has emerged from the increased use of generative AI tools for ...

Malicious npm package targets wallet addresses in Atomic and Exodus, stealing crypto through fake PDF tool downloads.

Threat actors have been publishing malicious NPM packages to steal the information and funds of PayPal and cryptocurrency wallet users.

While infostealers remain a common threat in the npm ecosystem, this campaign demonstrates an evolution in attacker tactics, focusing on long-term persistence and stealth. Notably, the malicious code ...

North Korean actors used 11 npm packages downloaded 5,600+ times to spread BeaverTail malware, expanding attacks to Bitbucket ...

North Korea's Lazarus Group expanded a malicious campaign of uploading malicious code to the JavaScript runtime environment ...