Malicious npm Package Masquerades as Popular Email Library
A malicious npm package “nodejs-smtp” has been discovered impersonating nodemailer and injecting code to drain crypto wallets
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A malicious npm package “nodejs-smtp” has been discovered impersonating nodemailer and injecting code to drain crypto wallets
Cybersecurity researchers have discovered a malicious npm package that comes with stealthy features to inject malicious code into desktop apps for cryptocurrency wallets like Atomic and Exodus on Windows systems
The Ripple cryptocurrency npm JavaScript library named xrpl.js has been compromised by unknown threat actors as part of a software supply chain attack designed to harvest and exfiltrate users' private keys
The recommended Ripple cryptocurrency NPM JavaScript library named "xrpl.js" was compromised to steal XRP wallet seeds and private keys and transfer them to an attacker-controlled server, allowing threat actors to steal all the funds stored in the wallets. [...]
Cybersecurity researchers have identified three sets of malicious packages across the npm and Python Package Index (PyPI) repository that come with capabilities to steal data and even delete sensitive data from infected systems
Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but, in reality, drops an open-source remote access trojan called Quasar RAT onto developer systems
Damage likely limited to those running bots with private key access Malware-poisoned versions of the widely used JavaScript library @solana/web3.js were distributed via the npm package registry, according to an advisory issued Wednesday by project maintainer Steven Luscher.…
A supply chain attack on the Solana library utilizing malicious npm versions has exposed private keys, putting crypto funds at risk
Cybersecurity researchers are alerting to a software supply chain attack targeting the popular @solana/web3.js npm library that involved pushing two malicious versions capable of harvesting users' private keys with an aim to drain their cryptocurrency wallets
Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm package registry by starting off as an innocuous library and later adding malicious code to steal sensitive data and mine cryptocurrency on infected systems