ZDNet

Three npm packages found opening shells on Linux, Windows systems

Three JavaScript packages have been removed from the npm portal on Thursday for containing malicious code. According to advisories from the npm security team, the three JavaScript libraries opened ...
Bleeping Computer

NPM nukes NodeJS malware opening Windows, Linux reverse shells

NPM has removed multiple packages hosted on its repository this week that established connection to remote servers and exfiltrated user data. These 4 packages had collected over 1,000 total downloads ...
TechRadar

Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here's what we know

Ten typosquatted npm packages delivered infostealing malware to nearly 10,000 systems Malware targeted system keyrings, bypassing app-level security to steal decrypted credentials Affected users must ...
ZDNet

Malicious npm packages target Azure developers to steal personal data

According to researchers Andrey Polkovnychenko and Shachar Menashe, the repositories were first detected on March 21 and steadily grew from roughly 50 malicious npm packages to over 200 in a matter of ...
TechRadar

Popular NPM packages with over a million downloads hit by malware

17 NPM packages with more than a million weekly downloads were compromised to deliver a RAT The attack could turn into a major supply chain attack, experts warned The packages were since deprecated, ...
Bleeping Computer

Malware found in NPM packages with 1 million weekly downloads

These packages are very popular, with approximately 1,020,000 weekly downloads, making this a massive supply chain attack that could have widespread consequences. The malicious code is heavily ...