The Hacker News

npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels

Researchers expose Discord webhook C2 in npm, PyPI, RubyGems; North Korean actors published 338 malicious npm packages with ...
SecurityWeek

NPM Infrastructure Abused in Phishing Campaign Aimed at Industrial and Electronics Firms

Threat actors are abusing legitimate NPM infrastructure in a new phishing campaign that breaks from the typical supply chain attack pattern.