News

Criminals used a typo-squatting technique and uploaded rogue JavaScript libraries to npm, a popular code repository.
Attacks on the NX build system and React packages highlight escalating threats to enterprise software development pipelines.
The popular Nx build system, boasting 4 million downloads each week, was exploited in the first supply chain breach to use AI ...
Microsoft said its Visual Studio Code 1.7 release overloaded the npmjs.org JavaScript package management service for Node.js, forcing a version rollback to 1.6.1.
In another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems via ChromePass.
Remote access Trojan found in npm package with 40,000 weekly downloads: Attackers had added malicious code to the rand-user-agent package, which is used for automatic tests and web scraping, among ...