A newly-discovered malicious package with layers of obfuscation is disguised as a utility library, with malware essentially ...
The Register on MSN
GitHub moves to tighten npm security amid phishing, malware plague
Hundreds of compromised packages pulled as registry shifts to 2FA and trusted publishing GitHub, which owns the npm registry ...
Process improvements and a closer look at funding streams will provide far more protection for the open source software we ...
Newly discovered npm package 'fezbox' employs QR codes to hide a second-stage payload to steal cookies from a user's web browser. The package, masquerading as a utility library, leverages this ...
"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...
JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.
NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by bitcoin wallets. A major NPM developer, qix, has had their account compromised.
The bundle.js script is designed to steal npm, GitHub, AWS and GCP tokens. But it also installs TruffleHog – an open source ...
Ledger Chief Technology Officer Charles Guillemet on Monday urged crypto users to take immediate precautions following what appears to be a large-scale supply chain cyberattack targeting the ...
Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback