An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal ...
Recently, security researchers Socket found 10 packages on npm targeting software developers, specifically those who use the ...
Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component ...
Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection.
Researchers say the malware was in the repository for two weeks, advise precautions to defend against malicious packages.
The typosquatted packages auto-execute on installation, fingerprint victims by IP, and deploy a PyInstaller binary to harvest ...
Supply chain security company Safety has discovered a trojan in NPM that masqueraded as Anthropic’s popular Claude Code AI ...
The npm packages were available since July, have elaborately obfuscated malicious routines, and rely on a fake CAPTCHA to ...
Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities ...
Ten typosquatted npm packages (Jul 4, 2025) delivered a 24MB PyInstaller info stealer using 4 obfuscation layers; ~9,900 ...
The bug exposes the Metro development server to remote attacks, allowing arbitrary OS command execution on developer systems ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback