The Hacker News6 小时
Malicious NPM Packages Target Roblox Users with Data-Stealing Malware
Roblox's popularity in recent years has led to threat actors actively pushing bogus packages to target both developers and ...
InfoWorld1 天
‘Package confusion’ attack against NPM used to trick developers into downloading malware
Attackers gunning for supply chains again, deploying innovative blockchain technique to hide command & control.
Hundreds of malware-laden fake npm packages posted online to try and trick developers
Software developers, especially those working with cryptocurrencies, are once again facing a supply chain attack via open source code repositories.
Ongoing typosquatting campaign impersonates hundreds of popular npm packages
Phylum noted that some unknown miscreant was using typosquat packages masquerading as Puppeteer, Bignum.js and various cryptocurrency libraries – 287 packages in total – to trick developers into ...
Hundreds of code libraries posted to NPM try to install malware on dev machines
An ongoing attack is uploading hundreds of malicious packages to the open source node package manager (NPM) repository in an attempt to infect the devices of developers who rely on code libraries ...
The Hacker News3 天
Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages
An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running cross-platform malware. The activity was ...
Direct Marketing News1 天
Hackers target npm developers with typosquat packages
The aim is to infect the systems of developers who rely on these registries for their code. To hide their malicious intent, ...