17 Discord malware packages found in NPM repository
In what’s yet another instance of supply chain attack targeting open-source software repositories, two popular NPM packages with cumulative weekly downloads of nearly 22 million were found to be compromised with malicious code by...
The ‘coa’ library, short for Command-Option-Argument, receives about 9 million weekly downloads on npm, and is used by almost 5 million open source repositories on GitHub.
The two packages, named noblox.js-proxy and noblox.js-proxies, use typo-squatting to appear as the legitimate Roblox API wrapper called noblox.js-proxied by changing a single letter in the name.
The U.S. Cybersecurity and Infrastructure Security Agency on Friday warned of crypto-mining and password-stealing malware embedded in “UAParser.js,” a popular JavaScript NPM library with over 6 million weekly downloads, days after the NPM repository moved to...
Researchers at open-source software firm Sonatype have uncovered multiple malicious packages that disguise themselves as legitimate JavaScript libraries on npm registries to launch cryptominers on Windows, macOS and Linux machines.
In the course of two months (July and August), security experts at GitHub have discovered arbitrary code execution vulnerabilities in the open-source Node.js packages tar and @npmcli/arborist.
The vulnerabilities affect both Windows and Unix-based users, and if left unpatched, can be exploited by attackers to achieve arbitrary code execution on a system installing untrusted npm packages.
A very popular NPM package called ‘pac-resolver’ for the JavaScript programming language has been fixed to address a remote code execution flaw that could affect a lot of Node.js applications.
Once again, some malicious npm packages surfaced online to fool users. This time, the npm… Malicious npm Packages Steal Chrome Browser Passwords on Latest Hacking News.
A software package available from the official NPM repository has been revealed to be actually a front for a tool that’s designed to steal saved passwords from the Chrome web browser. The package in...
Threat actors are targeting Amazon, Zillow, Lyft, and Slack NodeJS apps using a new ‘Dependency Confusion’ vulnerability to steal Linux/Unix password files and open reverse shells back to the attackers.
The CursedGrabber malware has infiltrated the open-source software code repository. Three malicious software packages have been published to npm, a code repository for JavaScript developers to share and reuse code blocks.
The security team behind the npm repository removed two packages containing malicious code that installs the njRAT on the computers of JavaScript and Node.js developers.
The names of the two packages were jdb.js and db-json.js, and both were created by the same author and described themselves as tools to help developers work with JSON data...
The npm security team has today removed a malicious JavaScript library from the npm website that contained malicious code for opening backdoors on programmers’ computers.