Security News

LottieFiles hit in npm supply chain attack targeting users' crypto

2024-10-31 09:02

LottieFiles announced that specific versions of its npm package carry malicious code that prompts users to connect their cryptocurrency wallets so they can be emptied. [...]

#attack #crypto #NPM #supplychain

BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers

2024-10-28 13:51

Three malicious packages published to the npm registry in September 2024 have been found to contain a known malware called BeaverTail, a JavaScript downloader and information stealer linked to an...

#developer #malware #NPM

Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor

2024-10-22 09:33

Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest Ethereum private keys and gain remote access to the machine via...

#backdoor #developer #ethereum #NPM #SSH #wallets

Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems

2024-10-14 11:08

Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply...

#attack #exploit #NPM #opensource #python #supplychain

Malicious npm Packages Mimicking 'noblox.js' Compromise Roblox Developers’ Systems

2024-09-02 03:36

Roblox developers are the target of a persistent campaign that seeks to compromise systems through bogus npm packages, once again underscoring how threat actors continue to exploit the trust in...

#compromise #developer #NPM #roblox #systems

North Korean Hackers Target Developers with Malicious npm Packages

2024-08-30 06:25

Threat actors with ties to North Korea have been observed publishing a set of malicious packages to the npm registry, indicating "coordinated and relentless" efforts to target developers with...

#developer #hacker #northkorean #NPM

North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry

2024-08-06 11:17

The North Korea-linked threat actor known as Moonstone Sleet has continued to push malicious npm packages to the JavaScript package registry with the aim of infecting Windows systems, underscoring the persistent nature of their campaigns. The security arm of the cloud monitoring firm is tracking the threat actor under the name Stressed Pungsan, which exhibits overlaps with a newly discovered North Korean malicious activity cluster dubbed Moonstone Sleet.

#hacker #northkorean #NPM

Malicious npm Packages Found Using Image Files to Hide Backdoor Code

2024-07-16 10:09

Cybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute malicious commands sent from a remote server. The packages in question - img-aws-s3-object-multipart-copy and legacyaws-s3-object-multipart-copy - have been downloaded 190 and 48 times each.

#backdoor #NPM

Trojanized jQuery Packages Found on npm, GitHub, and jsDelivr Code Repositories

2024-07-09 04:48

Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub, and jsDelivr in what appears to be an instance of a "Complex and persistent" supply chain attack. As many as 68 packages have been linked to the campaign.

#github #NPM

Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users

2024-06-03 14:00

Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that's designed to drop a remote access trojan (RAT) on compromised systems. The package in...

#NPM #RAT #researcher

Security News {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Security News"}]}

Security News