Infosecurity-magazine.com

FortiGuard Uncovers Deceptive Install Scripts in npm Packages

A series of malicious packages hidden within the Node Package Manager (npm), the largest software registry for JavaScript, has been uncovered. According to a new advisory published by FortiGuard on ...

Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here's what we know

Ten typosquatted npm packages delivered infostealing malware to nearly 10,000 systemsMalware targeted system keyrings, bypassing app-level security to steal decrypted credentialsAffected users must ...
Hackaday

This Week In Security: NPM, Kerbroasting, And The Rest Of The Story

Two billion downloads per week. That’s the download totals for the NPM packages compromised in a supply-chain attack this week. Ninety-nine percent of the cloud depends on one of the packages, and one ...
InfoWorld

Malicious npm packages contain Vidar infostealer

Researchers say the malware was in the repository for two weeks, advise precautions to defend against malicious packages.
Hosted on MSN

NPM packages from Nx targeted in latest worrying software supply chain attack

When a token with publishing rights was stolen, multiple poisoned Nx variants were released The malware stole secrets and other important data The attack lasted a few hours, but could be causing ...