NPM

The Latest

Scattered Spider Suspected in Major M&S Cyberattack

Scattered Spider Suspected in Major M&S Cyberattack

SecAI Debuts at RSA 2025, Redefining Threat Investigation with AI

How Postal Code Data Impacts Cybersecurity, Privacy and Fraud Prevention

How Postal Code Data Impacts Cybersecurity, Privacy and Fraud Prevention

BreachForums Displays Message About Shutdown, Cites MyBB 0day Flaw

BreachForums Displays Message About Shutdown, Cites MyBB 0day Flaw

Backdoor Found in Official XRP Ledger NPM Package

Read More

2 minute read

Backdoor Found in Official XRP Ledger NPM Package

XRP Ledger SDK hit by supply chain attack: Malicious NPM versions stole private keys; users urged to update…

April 24, 2025

npm Malware Targets Atomic and Exodus Wallets to Hijack Crypto Transfers

Read More

2 minute read

npm Malware Targets Atomic and Exodus Wallets to Hijack Crypto Transfers

ReversingLabs reveals a malicious npm package targeting Atomic and Exodus wallets, silently hijacking crypto transfers via software patching.

April 10, 2025

New npm Malware Attack Infects Popular Ethereum Library with Backdoor

Read More

2 minute read

New npm Malware Attack Infects Popular Ethereum Library with Backdoor

Security researchers at ReversingLabs have discovered a new malware campaign on the npm package repository, revealing a new…

March 26, 2025

NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT

Read More

3 minute read

NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT

Researchers discovered a malicious package on the npm package registry that resembles a library for Ethereum smart contract vulnerabilities but actually drops an open-source remote access trojan called Quasar RAT onto developer systems.

January 3, 2025

Supply Chain Attack Hits Rspack, Vant npm Packages with Monero Miner

Read More

3 minute read

Supply Chain Attack Hits Rspack, Vant npm Packages with Monero Miner

Popular npm packages, Rspack and Vant, were recently compromised with malicious code. Learn about the attack, the impact, and how to protect your projects from similar threats.

December 23, 2024

Year-Long Malware Campaign Exploits NPM to Attack Roblox Developers

Read More

3 minute read

Year-Long Malware Campaign Exploits NPM to Attack Roblox Developers

A year-long malware campaign targets Roblox developers using fake NPM packages mimicking “noblox.js” to steal data. Despite takedowns,…

August 30, 2024

Trojanized jQuery Infiltrates npm, GitHub, and CDNs: Thousands of Packages at Risk

Read More

2 minute read

Trojanized jQuery Infiltrates npm, GitHub, and CDNs: Thousands of Packages at Risk

Phylum uncovers large-scale trojanized jQuery attacks targeting npm, GitHub, and CDNs. Malicious actors steal user form data through…

July 9, 2024

New Protestware Uses npm Packages to Call for Peace in Gaza and Ukraine

Read More

3 minute read

Security

New Protestware Uses npm Packages to Call for Peace in Gaza and Ukraine

Apart from displaying these messages, the packages performed no other actions. This indicates that these aren't malicious per se.

November 16, 2023

OpenSSF Launches Malicious Packages Repository

Read More

4 minute read

Security

OpenSSF Launches Malicious Packages Repository

The launch of the Malicious Packages repository comes at a time when cyberattacks, leveraging malicious open source packages, are on the rise.

October 17, 2023

NPM Typosquatting Attack Deploys r77 Rootkit via Legitimate Package

Read More

3 minute read

NPM Typosquatting Attack Deploys r77 Rootkit via Legitimate Package

Another day, another NPM typosquatting attack.

October 5, 2023