The Hacker News9 小时
Malicious NPM Packages Target Roblox Users with Data-Stealing Malware
Roblox's popularity in recent years has led to threat actors actively pushing bogus packages to target both developers and ...
InfoWorld2 天
‘Package confusion’ attack against NPM used to trick developers into downloading malware
Attackers gunning for supply chains again, deploying innovative blockchain technique to hide command & control.
Hundreds of malware-laden fake npm packages posted online to try and trick developers
Use precise geolocation data and actively scan device characteristics for identification. This is done to store and access ...
Hundreds of code libraries posted to NPM try to install malware on dev machines
An ongoing attack is uploading hundreds of malicious packages to the open source node package manager (NPM) repository in an attempt to infect the devices of developers who rely on code libraries ...
Direct Marketing News1 天
Hackers target npm developers with typosquat packages
The aim is to infect the systems of developers who rely on these registries for their code. To hide their malicious intent, ...
The Hacker News11 天
BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers
Contagious Interview refers to a yearlong-campaign undertaken by the Democratic People's Republic of Korea (DPRK) that ...
Developer Tech4 天
NPM supply chain attack uses Ethereum blockchain
Checkmarx researchers have detected a unique supply chain attack within the NPM ecosystem that uses the Ethereum blockchain.
techzine3 天
Hackers abuse NPM code registries via Ethereum network
Well-known open-source node package manager (NPM) registries are the target of massive attacks with malicious packages. These ...
LottieFiles hacked in supply chain attack to steal users’ crypto
The popular LottieFiles Lotti-Player project was compromised in a supply chain attack to inject a crypto drainer into ...