NPM flooded with malicious packages downloaded more than 86,000 times

Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 ...
Hackaday

PhantomRaven Attack Exploits NPM’s Unchecked HTTP URL Dependency Feature

Having another security threat emanating from Node.js’ Node Package Manager (NPM) feels like a weekly event at this point, ...

Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here's what we know

Recently, security researchers Socket found 10 packages on npm targeting software developers, specifically those who use the ...

PhantomRaven attack floods npm with credential-stealing packages

An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal ...

Claude Code trojan found in NPM

Supply chain security company Safety has discovered a trojan in NPM that masqueraded as Anthropic’s popular Claude Code AI ...
The Hacker News

North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware

The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality ...

North Korea Weaponizes Blockchain for Stealth Hacks, Poses as Job Recruiters

North Korean threat group Famous Chollima is using blockchain technology to hide malware payloads in smart contracts, which marks the first documented case of a nation-state actor adopting ...

From Job Offers to Crypto Theft: Latest North Korean Hacker Campaigns Exposed

The North Korean threat actor behind the Contagious Interview campaign has started combining features from two of its malware ...
GitHub

EAS Build EACCES mkdir /node_modules error persists despite clean yarn/npm, clear-cache, and rebuild

needs reviewIssue is ready to be reviewed by a maintainerIssue is ready to be reviewed by a maintainer EAS build fails on both npm ci and yarn install with EACCES ...