Browsing Tag
NPM
10 posts
Supply Chain Attack Hits Rspack, Vant npm Packages with Monero Miner
Popular npm packages, Rspack and Vant, were recently compromised with malicious code. Learn about the attack, the impact, and how to protect your projects from similar threats.
December 23, 2024
Year-Long Malware Campaign Exploits NPM to Attack Roblox Developers
A year-long malware campaign targets Roblox developers using fake NPM packages mimicking “noblox.js” to steal data. Despite takedowns,…
August 30, 2024
Trojanized jQuery Infiltrates npm, GitHub, and CDNs: Thousands of Packages at Risk
Phylum uncovers large-scale trojanized jQuery attacks targeting npm, GitHub, and CDNs. Malicious actors steal user form data through…
July 9, 2024
New Protestware Uses npm Packages to Call for Peace in Gaza and Ukraine
Apart from displaying these messages, the packages performed no other actions. This indicates that these aren't malicious per se.
November 16, 2023
OpenSSF Launches Malicious Packages Repository
The launch of the Malicious Packages repository comes at a time when cyberattacks, leveraging malicious open source packages, are on the rise.
October 17, 2023
NPM Typosquatting Attack Deploys r77 Rootkit via Legitimate Package
Another day, another NPM typosquatting attack.
October 5, 2023
FortiGuard Labs Uncovers Series of Malicious NPM Packages Stealing Data
There are over 17 million developers worldwide who use NPM packages, making it a lucrative target for cybercriminals.
October 2, 2023
Luna Grabber Malware Hits Roblox Devs Through npm Packages
The campaign, which began at the start of August 2023, revolves around malicious packages impersonating the legitimate noblox.js,…
August 22, 2023
Global CDN Service ‘jsdelivr’ Exposed Users to Phishing Attacks
In the interconnected world of web development, open-source components play a vital role, facilitating collaboration and code sharing…
July 21, 2023
CISA warns of trojanized versions of JavaScript library’s NPM package
The warning comes days after three rogue packages, okhsa, klow, and klown, discovered by DevSecOps firm Sonatype, were removed from the NPM repository.
October 23, 2021