Malicious npm Dependency Linked to AI Assisted Commit Targets Crypto Wallets
Researchers uncover a malicious npm dependency linked to an AI‑assisted code commit that steals sensitive data and exposes crypto wallets
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Researchers uncover a malicious npm dependency linked to an AI‑assisted code commit that steals sensitive data and exposes crypto wallets
Ghost npm campaign fakes install logs to steal sudo passwords and drop RATs that loot crypto and data
A new malware campaign has been observed built on seven npm packages and using cloaking techniques and fake CAPTCHAs, operated by threat actor dino_reborn
A malicious campaign using Ethereum smart contracts has been observed targeting developers via npm and GitHub
A malicious npm package “nodejs-smtp” has been discovered impersonating nodemailer and injecting code to drain crypto wallets
A software supply chain attack targeting Nx marks the first known case where attackers have leveraged developer AI assistants, according to StepSecurity
SecurityScorecard has uncovered a sophisticated campaign linked to North Korea’s Lazarus Group, distributing crypto-stealing malware
A new supply chain attack targets Ethereum tools, exploiting npm packages to steal sensitive data
Cryptomining malware hits popular npm packages rspack and vant, posing risks to open source tools
A supply chain attack on the Solana library utilizing malicious npm versions has exposed private keys, putting crypto funds at risk
npm package @lottiefiles/lottie-player hacked with malicious code, draining crypto wallets via web3 pop-ups
Checkmarx has observed a novel npm supply chain attack using Ethereum smart contracts to manage command-and-control (C2) operations
North Korean groups exploited npm packages in coordinated attacks, targeting developers and cryptocurrency wallet browser extensions