Lookalike npm Package Hides a Multi-Stage Windows RAT
JFrog found an npm package impersonating postcss-selector-parser to drop a multi-stage Windows RAT
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
JFrog found an npm package impersonating postcss-selector-parser to drop a multi-stage Windows RAT
The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools and frameworks like Flutter, React, Tailwind, Vim, and Vue
A malicious npm package “nodejs-smtp” has been discovered impersonating nodemailer and injecting code to drain crypto wallets
Cybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation's Hardhat tool in order to steal sensitive data from developer systems
Twenty malicious packages impersonating the Hardhat development environment used by Ethereum developers are targeting private keys and other sensitive data. [...]
Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry