News

In a newly discovered supply chain attack, attackers last week targeted a range of npm-hosted JavaScript type testing ...
The "is" package was infected with cross-platform malware after a scam targeting maintainers: The popular npm package "is" was infected with cross-platform malware, around the same time that linting ...
The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing ...
Tainting legitimate PyPI packages with malware is also a common occurrence. Many Python developers trust the platform, and ...
In what's the latest instance of a software supply chain attack, unknown threat actors managed to compromise Toptal's GitHub ...
Uploading malicious code to npm is just a setup. The real attack most likely happens elsewhere - on LinkedIn, Telegram, or Discord. North Korean attackers would pose as recruiters, or HR managers in ...
Experts have warned that ‘is’, an npm package with more than 2.8 million weekly downloads, was also compromised in the same manner, and served malware for roughly six hours.