ZDNet

Malicious npm packages caught installing remote access trojans

The security team behind the "npm" repository for JavaScript libraries removed two npm packages this Monday for containing malicious code that installed a remote access trojan (RAT) on the computers ...
TechRadar

Compromised files replace npm packages with a combined 2 billion weekly downloads

Over a dozen popular npm packages were compromised in a phishing-based supply chain attack The malware targeted crypto users by hijacking wallet addresses during transactions Some called it the most ...
ZDNet

Hundreds more packages found in malicious npm 'factory'

Researchers continue to investigate a wave of malicious npm packages, with the published tally now reaching over 700. Last week, JFrog researchers disclosed the scheme in which an unknown threat actor ...
Ars Technica

NPM flooded with malicious packages downloaded more than 86,000 times

Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection. The finding, ...