Tag: Packages
-
8 Malicious NPM Packages Stole Chrome User Data on Windows
JFrog researchers found eight malicious NPM packages using 70 layers of obfuscation to steal data from Chrome browser users on Windows. The …
-
Popular Nx Packages Compromised by Credential-Stealing Malware
A widespread supply chain attack on the popular Nx build system has compromised dozens of high-traffic packages, exposing sensitive …
-
Malicious npm Packages Target Crypto Developers to Steal Login Credentials
A sophisticated threat campaign dubbed “Solana-Scan” has emerged, deploying malicious npm packages aimed at infiltrating the Solana …
-
Popular npm Package Compromised in Phishing Attack
A significant security incident involving the widely used npm package “eslint-config-prettier” has been uncovered. The package, …
-
Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks
Cybersecurity researchers have discovered a malicious package in the Python Package Index (PyPI) repository that introduces malicious …
-
Malicious npm Package Lures Job Seekers and Exfiltrates Sensitive Data
A self-proclaimed Ukrainian Web3 team targeted a community member during an interview’s first round by instructing them to clone and run …
-
Typosquatted PyPI Packages Used by Threat Actors to Steal Cryptocurrency from Bittensor Wallets
GitLab’s Vulnerability Research team has uncovered a highly sophisticated cryptocurrency theft campaign exploiting typosquatted Python …
-
Malicious Go Packages Used by Threat Actors to Deploy Obfuscated Remote Payloads
Socket’s Threat Research Team has identified eleven malicious Go packages distributed via GitHub, with ten remaining active on the Go …
-
Weaponized npm Packages Target WhatsApp Developers with Remote Kill Switch
Socket’s Threat Research Team has uncovered a sophisticated supply chain attack targeting developers integrating with the WhatsApp …
-
North Korean Hackers Exploit NPM Packages to Steal Cryptocurrency and Sensitive Data
Veracode Threat Research has uncovered a sophisticated North Korean cryptocurrency theft operation that continues to evolve, building on …
-
To Bundle or Not to Bundle: Your Guide to VPNs and Other Cybersecurity Service Packages
Attila has nearly a decade’s worth of experience with VPNs and has been covering them for CNET since 2021. As CNET’s VPN expert, Attila …
-
AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown
Cybersecurity researchers have flagged a malicious npm package that was generated using artificial intelligence (AI) and concealed a …
â—Źâ—Źâ—Ź