Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to ...
First steps were taken a few days ago, and more are to follow. Users and developers in the NPM ecosystem must act in the ...
Researchers expose Discord webhook C2 in npm, PyPI, RubyGems; North Korean actors published 338 malicious npm packages with ...
In light of recent cyberattacks and growing security concerns, GitHub is taking immediate and direct action to secure the open-source software supply chain.
The Register on MSN
One line of malicious npm code led to massive Postmark email heist
A fake npm package posing as Postmark's MCP (Model Context Protocol) server silently stole potentially thousands of emails a day by adding a single line of code that secretly copied outgoing messages ...
Threat actors are abusing legitimate NPM infrastructure in a new phishing campaign that breaks from the typical supply chain attack pattern.
CERT-In has issued a high-severity warning over a major npm ecosystem compromise named ‘Shai-Hulud,’ targeting credentials linked to Google Cloud, AWS, Microsoft Azure, and developer accounts.
Sonatype, an AI-centric DevSecOps firm, has released the Open Source Malware Index for Q3 2025, revealing a total of 34,319 new open source malware packages identified across major registries such as ...
North Korean hackers used fake recruiter lures and npm packages to target crypto developers in a large-scale supply-chain ...
If you needed another reminder that our software supply chains are only as strong as their smallest link, the JavaScript ecosystem delivered it. In early September, attackers phished the NPM account ...