Dark Reading

Malicious Npm Packages Abuse Adspect Cloaking in Crypto Scam

Malicious npm packages are using unique anti-evasion and targeting tactics to identify and redirect victims to cryptocurrency-themed scam websites, researchers have found. Socket Threat Research ...
InfoWorld

Malicious npm packages contain Vidar infostealer

Malicious code continues to be uploaded to open source repositories, making it a challenge for responsible developers to trust what’s there, and for CISOs to trust applications that include open ...
Infosecurity-magazine.com

“IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages

Security researchers have uncovered another large-scale, coordinated attack on the npm ecosystem, using worm-like techniques to spread spam packages. Dubbed “IndonesianFoods” due to the unique naming ...
Dark Reading

150,000 Packages Flood NPM Registry in Token Farming Campaign

Amazon researchers discovered more than 150,000 malicious packages in the NPM registry, in what they called "a defining moment in supply chain security." The packages were part of a token farming ...
CSOonline

Malicious packages in npm evade dependency detection through invisible URL links: Report

Threat actors are finding new ways to insert invisible code or links into open source code to evade detection of software supply chain attacks. The latest example was found by researchers at ...
Ars Technica

NPM flooded with malicious packages downloaded more than 86,000 times

Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection. The finding, ...