Security News

Cybercriminals Target Ethereum Developers with Fake Hardhat npm Packages
2025-01-06 09:28

Cybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation's Hardhat tool in order to steal sensitive data from...

Malicious npm packages target Ethereum developers' private keys
2025-01-03 15:53

Twenty malicious packages impersonating the Hardhat development environment used by Ethereum developers are targeting private keys and other sensitive data. [...]

Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT
2025-01-02 07:45

Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but, in reality,...

Malicious Rspack, Vant packages published using stolen NPM tokens
2024-12-20 17:47

Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers. [...]

Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack
2024-12-20 08:39

The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish...

Thousands Download Malicious npm Libraries Impersonating Legitimate Tools
2024-12-19 13:56

Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package...

Solana blockchain's popular web3.js npm package backdoored to steal keys, funds
2024-12-05 23:13

Damage likely limited to those running bots with private key access Malware-poisoned versions of the widely used JavaScript library @solana/web3.js were distributed via the npm package registry,...

Researchers Uncover Backdoor in Solana's Popular Web3.js npm Library
2024-12-04 09:48

Cybersecurity researchers are alerting to a software supply chain attack targeting the popular @solana/web3.js npm library that involved pushing two malicious versions capable of harvesting users'...

XML-RPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner
2024-11-28 10:48

Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm package registry by starting off as an innocuous library and later...

Malicious NPM Packages Target Roblox Users with Data-Stealing Malware
2024-11-08 11:53

A new campaign has targeted the npm package repository with malicious JavaScript libraries that are designed to infect Roblox users with open-source stealer malware such as Skuld and...