A threat actor has published tens of thousands of malicious NPM packages that contain a self-replicating worm, security ...
Ten typosquatted npm packages delivered infostealing malware to nearly 10,000 systems. Malware targeted system keyrings, bypassing app-level security to steal decrypted credentials. Affected users must ...
Three JavaScript packages were removed from the npm portal on Thursday for containing malicious code. According to advisories from the npm security team, the three JavaScript libraries opened ...
Software supply chain security firm JFrog has disclosed the details of a critical vulnerability affecting a popular React ...
The npm packages were available since July, have elaborately obfuscated malicious routines, and rely on a fake CAPTCHA to appear authentic.
NPM has removed multiple packages hosted on its repository this week that established connections to remote servers and exfiltrated user data. These 4 packages had collected over 1,000 total downloads ...
Researchers say the malware was in the repository for two weeks, advise precautions to defend against malicious packages.
Malicious NPM packages pretending to be Roblox libraries are delivering ransomware and password-stealing trojans to unsuspecting users. After the malicious NPM libraries are added to a project and ...