Cryptopolitan on MSN
Attackers deliver infostealer to Polymarket trading bot users, DeFi devs through npm packages
Hackers created a fake trading bot for Polymarket’s prediction markets on GitHub. The bot was used to spread malware that ...
JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal WhatsApp messages, collect contacts, and gain access to the account. A fork of ...
Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection. The finding, ...
Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after attackers injected malware into 18 popular packages that together account for ...
Hosted on MSN
Malicious SAP npm packages with 500,000 weekly downloads were stealing developer passwords and cloud secrets for days
For a few critical days at the end of April 2026, thousands of developers building SAP integrations unknowingly handed their passwords and cloud credentials to attackers. Four widely used npm packages ...
As poisoned software continues to pop up across the industry, some threat actors have found a way to hide malicious code in npm packages and avoid detection from most security tools. In an blog post ...
Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a new Shai-Hulud supply-chain campaign. Most of the affected packages are in ...
A new piece of malware is spreading through the popular tinycolor NPM library and more than 300 other packages, some of which belong to CrowdStrike. Recently, there were reports of the tinycolor npm ...
Researchers at Endor Labs uncovered 88 new packages tied to new waves of the campaign, which uses remote dynamic dependencies to deliver credential-stealing malware. Last year’s “PhantomRaven” ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results