Researchers at Zscaler ThreatLabz have found three malicious Bitcoin npm packages that are meant to implant malware named ...
A critical CVSS 9.2 flaw in AdonisJS bodyparser lets attackers write arbitrary files via path traversal when uploads are ...
Trust Wallet believes the compromise of its web browser to steal roughly $8.5 million from over 2,500 crypto wallets is ...
For me, UniGetUI is not just a replacement for the Microsoft Store. It has completely changed the way I find new software and ...
A new Shai-Hulud npm strain and a fake Jackson Maven package show how attackers abuse trusted dependencies to steal secrets ...
Shai-Hulud 2.0 infected over 12,000 systems and exposed Trust Wallet keys that were used to steal $8.5 million from 2,520 ...
As you're probably well aware, Windows doesn't have the elegant package management system that Linux users have enjoyed for ...
Amazon researchers discovered more than 150,000 malicious packages in the NPM registry, in what they called "a defining moment in supply chain security." The packages were part of a token farming ...
Security researchers have uncovered another large-scale, coordinated attack on the npm ecosystem, using worm-like techniques to spread spam packages. Dubbed “IndonesianFoods” due to the unique naming ...
The spam campaign is likely orchestrated by an Indonesian threat actor, based on code comments and the packages’ random names. A threat actor has published tens of thousands of malicious NPM packages ...
Malicious code continues to be uploaded to open source repositories, making it a challenge for responsible developers to trust what’s there, and for CISOs to trust applications that include open ...
Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection. The finding, ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback