Security News

Solana blockchain's popular web3.js npm package backdoored to steal keys, funds
2024-12-05 23:13

Damage likely limited to those running bots with private key access Malware-poisoned versions of the widely used JavaScript library @solana/web3.js were distributed via the npm package registry,...

Researchers Uncover Backdoor in Solana's Popular Web3.js npm Library
2024-12-04 09:48

Cybersecurity researchers are alerting to a software supply chain attack targeting the popular @solana/web3.js npm library that involved pushing two malicious versions capable of harvesting users'...

XML-RPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner
2024-11-28 10:48

Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm package registry by starting off as an innocuous library and later...

Malicious NPM Packages Target Roblox Users with Data-Stealing Malware
2024-11-08 11:53

A new campaign has targeted the npm package repository with malicious JavaScript libraries that are designed to infect Roblox users with open-source stealer malware such as Skuld and...

Ongoing typosquatting campaign impersonates hundreds of popular npm packages
2024-11-05 16:28

Puppeteer or Pupeter? One of them will snoop around on your machine and steal your credentials An ongoing typosquatting campaign is targeting developers via hundreds of popular JavaScript...

Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages
2024-11-05 05:33

An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running cross-platform malware. The attack is...

LottieFiles Issues Warning About Compromised "lottie-player" npm Package
2024-10-31 14:16

LottieFiles has revealed that its npm package "lottie-player" was compromised as part of a supply chain attack, prompting it to release an updated version of the library. "On October 30th ~6:20 PM...

LottieFiles hit in npm supply chain attack targeting users' crypto
2024-10-31 09:02

LottieFiles announced that specific versions of its npm package carry malicious code that prompts users to connect their cryptocurrency wallets so they can be emptied. [...]

BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers
2024-10-28 13:51

Three malicious packages published to the npm registry in September 2024 have been found to contain a known malware called BeaverTail, a JavaScript downloader and information stealer linked to an...

Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor
2024-10-22 09:33

Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest Ethereum private keys and gain remote access to the machine via...