Dark Reading

Supply Chain Attack Deploys Hundreds of Malicious NPM Modules to Steal Data

A routine scan of the NPM open source code repository in April turned up several packages using a JavaScript obfuscator to hide their true function. After further investigation, analysts with ...
Krebs on Security

18 Popular Code Packages Hacked, Rigged to Steal Crypto

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...
Bleeping Computer

NPM supply-chain attack impacts hundreds of websites and apps

An NPM supply-chain attack dating back to December 2021 used dozens of malicious NPM modules containing obfuscated Javascript code to compromise hundreds of downstream desktop apps and websites. As ...
Bleeping Computer

Ripple's recommended XRP library xrpl.js hacked to steal wallets

The recommended Ripple cryptocurrency NPM JavaScript library named "xrpl.js" was compromised to steal XRP wallet seeds and private keys and transfer them to an attacker-controlled server, allowing ...
Threat Post

Malicious Npm Packages Tapped Again to Target Discord Users

Recent LofyLife campaign steals tokens and infects client files to monitor various user actions, such as log-ins, password changes and payment methods. Threat actors once again are using the node ...
Hosted on MSN

North Korea’s “Contagious Interview” Campaign Surges in npm Attack Waves

A new wave of supply-chain assaults has seen North Korean hackers publish more than 300 malicious npm packages, infecting developer systems with sophisticated malware that steals credentials and ...
CSOonline

Developer sabotages own npm module prompting open-source supply chain security questions

The node-ipc developer attempt to protest Russia's attack on Ukraine has the unintended consequence of casting more doubt in software supply chain integrity. The developer of a popular JavaScript ...