For the past four months, over 130 malicious NPM packages deploying information stealers have been collectively downloaded ...
Ten typosquatted npm packages (Jul 4, 2025) delivered a 24MB PyInstaller info stealer using 4 obfuscation layers; ~9,900 ...
Having another security threat emanating from Node.js’ Node Package Manager (NPM) feels like a weekly event at this point, ...
Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection.
The vulnerability, tracked as CVE-2025-11953, carries a CVSS score of 9.8 out of a maximum of 10.0, indicating critical severity. It also affects the "@react-native-community/cli-server-api" package ...
Security researchers at software supply chain company JFrog Ltd. today revealed details of a critical vulnerability in React, ...
These packages are very popular, with approximately 1,020,000 weekly downloads, making this a massive supply chain attack that could have widespread consequences. The malicious code is heavily ...
Published 3:00 p.m. ET on October 31, 2025; last updated 5:00 p.m. ET on October 31, 2025 This week, an open source malware campaign dubbed ‘PhantomRaven’ has run rampant, flooding the npm registry ...
Cybercriminals hacked 18 NPM packages of a well-known developer to conceal malware. The breach affected several leading blockchains. Crypto users area take extreme caution. The recent attack on the ...
Hackers broke into the node package manager (NPM) account of a well-known software developer and added malware to popular JavaScript libraries, targeting crypto wallets. ”Picture this: you compromise ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback