For the past four months, over 130 malicious NPM packages deploying information stealers have been collectively downloaded ...
Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection.
An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal ...
Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component ...
The typosquatted packages auto-execute on installation, fingerprint victims by IP, and deploy a PyInstaller binary to harvest ...
The ongoing ‘PhantomRaven’ malicious campaign has infected 126 npm packages to date, representing 86,000 downloads ...
An advanced malware campaign on the npm registry steals the very keys that control enterprise cloud infrastructure.
The Register on MSN
Invisible npm malware pulls a disappearing act – then nicks your tokens
PhantomRaven slipped over a hundred credential-stealing packages into npm A new supply chain attack dubbed PhantomRaven has ...
Software supply chain security firm JFrog has disclosed the details of a critical vulnerability affecting a popular React ...
7hon MSN
Millions of developers could be open to attack after critical flaw exploited - here's what we know
A widely popular npm package carried a critical severity vulnerability that allowed threat actors to, in certain scenarios, ...
The MSI file format used by Windows Installer (MSI) is used specifically for installation – this differs from the EXE format sometimes used to run installers, which are simple executable files that ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback