News

NPM package ‘is’ with 2.8M weekly downloads infected devs with malware
The popular NPM package 'is' has been compromised in a supply chain attack that injected backdoor malware, giving attackers ...
npm 'accidentally' removes Stylus package, breaks builds and pipelines
Stylus library and replaced them with a "security holding" page, breaking pipelines and builds worldwide that rely on the ...
More popular npm packages hijacked to spread malware
Several popular npm packages with millions of weekly downloads were targeted, and one used as a launchpad for malware ...
CSO Online1d
Prettier-ESLint npm packages hijacked in a sophisticated supply chain attack
DLL-based malware targets Windows users after a phishing campaign tricked the maintainer into leaking a token.
The Hacker News3d
Malware Injected into 5 npm Packages After Maintainer Tokens Stolen in Phishing Attack
npm packages hit by phishing-based supply chain attack, exposing developers to malware and remote access threats.
North Korean hackers release malware-ridden packages into npm registry
Uploading malicious code to npm is just a setup. The real attack most likely happens elsewhere - on LinkedIn, Telegram, or ...
GovInfoSecurity7d
North Korea Floods npm Registry with Malware
North Korean threat actors escalated their software supply chain attacks by uploading 67 new malicious packages to the npm ...
The Hacker News8d
North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign
North Korean hackers continue attacking open-source software via npm packages. 67 new malicious packages with XORIndex Loader ...
Business Insider6y
NPM Co-Founder and Chief Data Officer Laurie Voss Resigns - Business ...
NPM co-founder Isaac Schlueter, who was the CEO until he was replaced by Bryan Bogensberger, remains as the company's chief product officer. Visit Business Insider's homepage for more stories.