NPM

The Latest

Penetration Testing Services: Strengthening Cybersecurity Against Evolving Threats

Penetration Testing Services: Strengthening Cybersecurity Against Evolving Threats

New npm Malware Attack Infects Popular Ethereum Library with Backdoor

New npm Malware Attack Infects Popular Ethereum Library with Backdoor

Next.js Middleware Flaw Lets Attackers Bypass Authorization

Next.js Middleware Flaw Lets Attackers Bypass Authorization

Crypto Heist Suspect "Wiz" Arrested After $243 Million Theft

Crypto Heist Suspect “Wiz” Arrested After $243 Million Theft

New npm Malware Attack Infects Popular Ethereum Library with Backdoor

Read More

2 minute read

New npm Malware Attack Infects Popular Ethereum Library with Backdoor

Security researchers at ReversingLabs have discovered a new malware campaign on the npm package repository, revealing a new…

March 26, 2025

NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT

Read More

3 minute read

NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT

Researchers discovered a malicious package on the npm package registry that resembles a library for Ethereum smart contract vulnerabilities but actually drops an open-source remote access trojan called Quasar RAT onto developer systems.

January 3, 2025

Supply Chain Attack Hits Rspack, Vant npm Packages with Monero Miner

Read More

3 minute read

Supply Chain Attack Hits Rspack, Vant npm Packages with Monero Miner

Popular npm packages, Rspack and Vant, were recently compromised with malicious code. Learn about the attack, the impact, and how to protect your projects from similar threats.

December 23, 2024

Year-Long Malware Campaign Exploits NPM to Attack Roblox Developers

Read More

3 minute read

Year-Long Malware Campaign Exploits NPM to Attack Roblox Developers

A year-long malware campaign targets Roblox developers using fake NPM packages mimicking “noblox.js” to steal data. Despite takedowns,…

August 30, 2024

Trojanized jQuery Infiltrates npm, GitHub, and CDNs: Thousands of Packages at Risk

Read More

2 minute read

Trojanized jQuery Infiltrates npm, GitHub, and CDNs: Thousands of Packages at Risk

Phylum uncovers large-scale trojanized jQuery attacks targeting npm, GitHub, and CDNs. Malicious actors steal user form data through…

July 9, 2024

New Protestware Uses npm Packages to Call for Peace in Gaza and Ukraine

Read More

3 minute read

Security

New Protestware Uses npm Packages to Call for Peace in Gaza and Ukraine

Apart from displaying these messages, the packages performed no other actions. This indicates that these aren't malicious per se.

November 16, 2023

OpenSSF Launches Malicious Packages Repository

Read More

4 minute read

Security

OpenSSF Launches Malicious Packages Repository

The launch of the Malicious Packages repository comes at a time when cyberattacks, leveraging malicious open source packages, are on the rise.

October 17, 2023

NPM Typosquatting Attack Deploys r77 Rootkit via Legitimate Package

Read More

3 minute read

NPM Typosquatting Attack Deploys r77 Rootkit via Legitimate Package

Another day, another NPM typosquatting attack.

October 5, 2023

Fortinet Labs Uncovers Series of Malicious NPM Packages Stealing Data

Read More

4 minute read

Security

FortiGuard Labs Uncovers Series of Malicious NPM Packages Stealing Data

There are over 17 million developers worldwide who use NPM packages, making it a lucrative target for cybercriminals.

October 2, 2023

Luna Grabber Malware Hits Roblox Devs Through npm Packages

Read More

3 minute read

Luna Grabber Malware Hits Roblox Devs Through npm Packages

The campaign, which began at the start of August 2023, revolves around malicious packages impersonating the legitimate noblox.js,…

byHabiba Rashid

August 22, 2023