The Hacker News

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

The disclosure comes as HelixGuard discovered a malicious package in PyPI named "spellcheckers" that claims to be a tool for ...
CSO Online

Contagious Interview attackers go ‘full stack’ to fool developers

The originators of the Contagious Interview cyberattack campaign are stitching GitHub, Vercel, and NPM together into a development and delivery pipeline to drop malware.
The Hacker News

ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More Stories

Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, ...
InfoWorld

A proactive defense against npm supply chain attacks

Supply chain risk is unavoidable, but not unmanageable. Proactively prevent supply chain attacks by embedding YARA into ...
Dark Reading

DPRK's 'Contagious Interview' Spawns Malicious Npm Package Factory

North Korean attackers have delivered more than 197 malicious packages as part of ongoing state-sponsored activity to ...
Infosecurity Magazine

Malware Manipulates AI Detection in Latest npm Package Breach

A new attempt to influence AI-driven security scanners has been identified in a malicious npm package. The package, ...

Glassworm returns once again with a third round of VS code attacks

The Visual Studio Marketplace and the Open VSX Registry users are targeted once again with infostealing malware.