-
GitGuardian uncovers TeamPCP attack on Bitwarden CLI, abusing GitHub Dependabot to spread Shai-Hulud and poison AI coding tools.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Critical RCE flaw in protobuf.js lets attackers execute code via malicious schemas. Learn who is at risk, affected versions, and how to fix it.
·
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Axios npm Package compromised in a supply chain attack, exposing developers to malware, data theft, and full system takeover risks worldwide.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
ReversingLabs researchers identify a new Ghost campaign using fake npm install logs and progress bars to phish for sudo passwords and steal crypto wallets from developers.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Sonatype uncovers a sophisticated malware campaign using hijacked npm developer accounts to steal API keys and passwords. Is your dev environment at risk?
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers at Veracode reveal a typosquatting attack that disguises Pulsar RAT as images to bypass Windows security and antivirus programs.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Zscaler ThreatLabz identifies three malicious NPM packages mimicking Bitcoin libraries. The NodeCordRAT virus uses Discord commands to exfiltrate MetaMask data and Chrome passwords.
·
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Koi Security uncovers lotusbail, a malicious npm package with 56K downloads that steals WhatsApp messages and installs a persistent backdoor. Learn how to protect your data.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The global developer community has been rocked by the emergence of PhantomRaven, a far-reaching campaign involving 126 malicious npm packages with more than 86,000 downloads. Lurking beneath the surface, these packages actively steal npm tokens, GitHub…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated supply chain attack involving ten malicious npm packages that execute automatically upon installation and deploy a comprehensive credential theft operation. The malware uses advanced obfuscation techniques, social engineering tactics, a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
