Malicious npm package mimics an ESLint plugin, embeds an AI-tricking prompt, and steals environment variables via a ...
North Korean hackers intensify their efforts against blockchain and Web3 developers, using nearly 200 malicious npm packages ...
North Korean attackers have delivered more than 197 malicious packages as part of ongoing state-sponsored activity to ...
North Korean actors deployed 197 new npm packages delivering evolved OtterCookie and GolangGhost malware through fake ...
A spate of supply chain attacks forces GitHub’s npm to revoke ‘classic’ tokens. Despite this, larger worries about developer ...
The originators of the Contagious Interview cyberattack campaign are stitching GitHub, Vercel, and NPM together into a ...
The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM ...
A stealthy campaign with 19 extensions on the VSCode Marketplace has been active since February, targeting developers with ...
Regtech firm SlowMist noted that recently, the NPM ecosystem experienced another large-scale package poisoning incident.
A new campaign involving 19 malicious Visual Studio Code extensions used a legitimate npm package to embed malware in ...
Malicious npm packages are using unique anti-evasion and targeting tactics to identify and redirect victims to cryptocurrency-themed scam websites, researchers have found. Socket Threat Research ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback