News

North Korean threat actors escalated their software supply chain attacks by uploading 67 new malicious packages to the npm ...
npm packages hit by phishing-based supply chain attack, exposing developers to malware and remote access threats.
Hackers compromised Toptal's GitHub organization account and used their access to publish ten malicious packages on the Node ...
Hackers have injected malware into popular NPM packages after compromising several developer accounts in a fresh phishing campaign.
Several popular npm packages with millions of weekly downloads were targeted, and one used as a launchpad for malware ...
DLL-based malware targets Windows users after a phishing campaign tricked the maintainer into leaking a token.
Stylus library and replaced them with a "security holding" page, breaking pipelines and builds worldwide that rely on the ...
Uploading malicious code to npm is just a setup. The real attack most likely happens elsewhere - on LinkedIn, Telegram, or ...
Experts have warned that ‘is’, an npm package with more than 2.8 million weekly downloads, was also compromised in the same ...
The "is" package was infected with cross-platform malware after a scam targeting maintainers. The popular npm package "is" was infected with cross-platform malware, around the same time that linting ...
NPM co-founder Isaac Schlueter, who was the CEO until he was replaced by Bryan Bogensberger, remains as the company's chief product officer.