NPM

3 minute read

Year-Long Malware Campaign Exploits NPM to Attack Roblox Developers

A year-long malware campaign targets Roblox developers using fake NPM packages mimicking “noblox.js” to steal data. Despite takedowns,…

byWaqas

August 30, 2024

2 minute read

Trojanized jQuery Infiltrates npm, GitHub, and CDNs: Thousands of Packages at Risk

Phylum uncovers large-scale trojanized jQuery attacks targeting npm, GitHub, and CDNs. Malicious actors steal user form data through…

byDeeba Ahmed

July 9, 2024

New Protestware Uses npm Packages to Call for Peace in Gaza and Ukraine

3 minute read

Security

New Protestware Uses npm Packages to Call for Peace in Gaza and Ukraine

Apart from displaying these messages, the packages performed no other actions. This indicates that these aren't malicious per se.

byWaqas

November 16, 2023

OpenSSF Launches Malicious Packages Repository

4 minute read

Security

OpenSSF Launches Malicious Packages Repository

The launch of the Malicious Packages repository comes at a time when cyberattacks, leveraging malicious open source packages, are on the rise.

byWaqas

October 17, 2023

3 minute read

NPM Typosquatting Attack Deploys r77 Rootkit via Legitimate Package

Another day, another NPM typosquatting attack.

byDeeba Ahmed

October 5, 2023

Fortinet Labs Uncovers Series of Malicious NPM Packages Stealing Data

4 minute read

Security

FortiGuard Labs Uncovers Series of Malicious NPM Packages Stealing Data

There are over 17 million developers worldwide who use NPM packages, making it a lucrative target for cybercriminals.

byWaqas

October 2, 2023

3 minute read

Luna Grabber Malware Hits Roblox Devs Through npm Packages

The campaign, which began at the start of August 2023, revolves around malicious packages impersonating the legitimate noblox.js,…

byHabiba Rashid

August 22, 2023

3 minute read

Global CDN Service ‘jsdelivr’ Exposed Users to Phishing Attacks

In the interconnected world of web development, open-source components play a vital role, facilitating collaboration and code sharing…

byHabiba Rashid

July 21, 2023

CISA warns of trojanized versions of JavaScript library's NPM package

2 minute read

News

CISA warns of trojanized versions of JavaScript library’s NPM package

The warning comes days after three rogue packages, okhsa, klow, and klown discovered by DevSecOps firm Sonatype, were removed from the NPM repository.

byDeeba Ahmed

October 23, 2021

The Latest

5 Suspected MGM Hackers from Scattered Spider Arrested in US

Halo Security Launches Slack Integration for Real-Time Alerts on New Assets and Vulnerabilities

How to select the best on-ramp and off-ramp for you?

SquareX Brings Industry’s First Browser Detection Response Solution to AISA Melbourne CyberCon 2024

NPM

Year-Long Malware Campaign Exploits NPM to Attack Roblox Developers

Trojanized jQuery Infiltrates npm, GitHub, and CDNs: Thousands of Packages at Risk

New Protestware Uses npm Packages to Call for Peace in Gaza and Ukraine

OpenSSF Launches Malicious Packages Repository

NPM Typosquatting Attack Deploys r77 Rootkit via Legitimate Package

FortiGuard Labs Uncovers Series of Malicious NPM Packages Stealing Data

Luna Grabber Malware Hits Roblox Devs Through npm Packages

Global CDN Service ‘jsdelivr’ Exposed Users to Phishing Attacks

CISA warns of trojanized versions of JavaScript library’s NPM package

Halo Security Launches Slack Integration for Real-Time Alerts on New Assets and Vulnerabilities

SquareX Brings Industry’s First Browser Detection Response Solution to AISA Melbourne CyberCon 2024

ANY.RUN Sandbox Now Automates Interactive Analysis of Complex Cyber Attack Chains

Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues