News

Ripple NPM supply chain attack hunts for private keys
Targeting NPM is an increasingly popular method of launching supply chain attacks for cybercriminals, primarily because of ...
CSOonline1mon
Malicious npm packages found to create a backdoor in legitimate code
Also, the additional file loader.js that contains the download code for the third-stage payload is created in the node_modules folder, where usually all npm packages reside. The interesting part ...
Bleeping Computer1mon
Infostealer campaign compromises 10 npm packages, targets devs
All these packages, except for country-currency-map, are still available on npm, with their latest versions designated above, so downloading them will infect your projects with info-stealer malware.
Infosecurity-magazine.com1mon
Malicious npm Packages Deliver Sophisticated Reverse Shells
A newly discovered malware campaign has leveraged malicious npm packages to deliver highly sophisticated reverse shells. Researchers at ReversingLabs identified two malicious packages, ...