Security News

Ongoing typosquatting campaign impersonates hundreds of popular npm packages
2024-11-05 16:28

Puppeteer or Pupeter? One of them will snoop around on your machine and steal your credentials An ongoing typosquatting campaign is targeting developers via hundreds of popular JavaScript...

Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages
2024-11-05 05:33

An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running cross-platform malware. The attack is...

LottieFiles Issues Warning About Compromised "lottie-player" npm Package
2024-10-31 14:16

LottieFiles has revealed that its npm package "lottie-player" was compromised as part of a supply chain attack, prompting it to release an updated version of the library. "On October 30th ~6:20 PM...

LottieFiles hit in npm supply chain attack targeting users' crypto
2024-10-31 09:02

LottieFiles announced that specific versions of its npm package carry malicious code that prompts users to connect their cryptocurrency wallets so they can be emptied. [...]

BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers
2024-10-28 13:51

Three malicious packages published to the npm registry in September 2024 have been found to contain a known malware called BeaverTail, a JavaScript downloader and information stealer linked to an...

Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor
2024-10-22 09:33

Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest Ethereum private keys and gain remote access to the machine via...

Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems
2024-10-14 11:08

Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply...

Malicious npm Packages Mimicking 'noblox.js' Compromise Roblox Developers’ Systems
2024-09-02 03:36

Roblox developers are the target of a persistent campaign that seeks to compromise systems through bogus npm packages, once again underscoring how threat actors continue to exploit the trust in...

North Korean Hackers Target Developers with Malicious npm Packages
2024-08-30 06:25

Threat actors with ties to North Korea have been observed publishing a set of malicious packages to the npm registry, indicating "coordinated and relentless" efforts to target developers with...

North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry
2024-08-06 11:17

The North Korea-linked threat actor known as Moonstone Sleet has continued to push malicious npm packages to the JavaScript package registry with the aim of infecting Windows systems, underscoring the persistent nature of their campaigns. The security arm of the cloud monitoring firm is tracking the threat actor under the name Stressed Pungsan, which exhibits overlaps with a newly discovered North Korean malicious activity cluster dubbed Moonstone Sleet.