For the past four months, over 130 malicious NPM packages deploying information stealers have been collectively downloaded ...

Criminelen voorzagen Event-Stream, een populaire JavaScript-npm-library van malafide code. De code werd gebruikt voor Copay-apps van BitPay en kon daardoor wallets binnendringen en bitcoin en bitcoin ...

GlassWorm, een nieuwe en verontrustende cyberdreiging treft wereldwijd ontwikkelaars die werken met Visual Studio Code.

GlassWorm spread via 14 VS Code extensions; Solana + Google Calendar C2; stole credentials, drained 49 wallets.

Researchers outline how the PhantomRaven campaign exploits hole in npm to enable software supply chain attacks.

Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection.

Having another security threat emanating from Node.js’ Node Package Manager (NPM) feels like a weekly event at this point, ...

Supply chain security company Safety has discovered a trojan in NPM that masqueraded as Anthropic’s popular Claude Code AI ...

Researchers say the malware was in the repository for two weeks, advise precautions to defend against malicious packages.

Software supply chain security firm JFrog has disclosed the details of a critical vulnerability affecting a popular React ...