NPM

The Latest

Zendesk’s Subdomain Registration Abused in Phishing Scams

Zendesk’s Subdomain Registration Exposed to Phishing, Pig Butchering Scams

Cloudflare Mitigates Massive 5.6 Tbps Mirai-Variant DDoS Attack

Cloudflare Mitigates Massive 5.6 Tbps Mirai-Variant DDoS Attack

Trump Pardons Silk Road Founder Ross Ulbricht, Calls Prosecutors 'Scum'

Trump Pardons Silk Road Founder Ross Ulbricht, Calls Prosecutors ‘Scum’

Criminal IP and OnTheHub Partner to Deliver Advanced Cybersecurity Solutions for Education

NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT

Read More

3 minute read

NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT

Researchers discovered a malicious package on the npm package registry that resembles a library for Ethereum smart contract vulnerabilities but actually drops an open-source remote access trojan called Quasar RAT onto developer systems.

January 3, 2025

Supply Chain Attack Hits Rspack, Vant npm Packages with Monero Miner

Read More

3 minute read

Supply Chain Attack Hits Rspack, Vant npm Packages with Monero Miner

Popular npm packages, Rspack and Vant, were recently compromised with malicious code. Learn about the attack, the impact, and how to protect your projects from similar threats.

December 23, 2024

Year-Long Malware Campaign Exploits NPM to Attack Roblox Developers

Read More

3 minute read

Year-Long Malware Campaign Exploits NPM to Attack Roblox Developers

A year-long malware campaign targets Roblox developers using fake NPM packages mimicking “noblox.js” to steal data. Despite takedowns,…

August 30, 2024

Trojanized jQuery Infiltrates npm, GitHub, and CDNs: Thousands of Packages at Risk

Read More

2 minute read

Trojanized jQuery Infiltrates npm, GitHub, and CDNs: Thousands of Packages at Risk

Phylum uncovers large-scale trojanized jQuery attacks targeting npm, GitHub, and CDNs. Malicious actors steal user form data through…

July 9, 2024

New Protestware Uses npm Packages to Call for Peace in Gaza and Ukraine

Read More

3 minute read

Security

New Protestware Uses npm Packages to Call for Peace in Gaza and Ukraine

Apart from displaying these messages, the packages performed no other actions. This indicates that these aren't malicious per se.

November 16, 2023

OpenSSF Launches Malicious Packages Repository

Read More

4 minute read

Security

OpenSSF Launches Malicious Packages Repository

The launch of the Malicious Packages repository comes at a time when cyberattacks, leveraging malicious open source packages, are on the rise.

October 17, 2023

NPM Typosquatting Attack Deploys r77 Rootkit via Legitimate Package

Read More

3 minute read

NPM Typosquatting Attack Deploys r77 Rootkit via Legitimate Package

Another day, another NPM typosquatting attack.

October 5, 2023

Fortinet Labs Uncovers Series of Malicious NPM Packages Stealing Data

Read More

4 minute read

Security

FortiGuard Labs Uncovers Series of Malicious NPM Packages Stealing Data

There are over 17 million developers worldwide who use NPM packages, making it a lucrative target for cybercriminals.

October 2, 2023

Luna Grabber Malware Hits Roblox Devs Through npm Packages

Read More

3 minute read

Luna Grabber Malware Hits Roblox Devs Through npm Packages

The campaign, which began at the start of August 2023, revolves around malicious packages impersonating the legitimate noblox.js,…

byHabiba Rashid

August 22, 2023

Global CDN Service ‘jsdelivr’ Exposed Users to Phishing Attacks

Read More

3 minute read

Global CDN Service ‘jsdelivr’ Exposed Users to Phishing Attacks

In the interconnected world of web development, open-source components play a vital role, facilitating collaboration and code sharing…

byHabiba Rashid

July 21, 2023