AI-Generated npm Malware Leaks Its Own GitHub Token
Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator
Malicious npm packages spread via worm-like propagation and steal developer credentials
Threat actors hijacked the popular npm package axios to spread RAT malware after compromising an open‑source maintainer’s account, researchers warn
Ghost npm campaign fakes install logs to steal sudo passwords and drop RATs that loot crypto and data
Supply chain worm mimicking Shai-Hulud malware spread via malicious npm packages, targeting AI tools has been identified by security researchers
A new campaign involving 19 malicious Visual Studio Code extensions used a legitimate npm package to embed malware in dependency folders
Malicious npm package targets AI security with misleading prompts, exploiting automated analysis
A new malware campaign has been observed built on seven npm packages and using cloaking techniques and fake CAPTCHAs, operated by threat actor dino_reborn
The ongoing ‘PhantomRaven’ malicious campaign has infected 126 npm packages to date, representing 86,000 downloads
A software supply chain attack targeting Nx marks the first known case where attackers have leveraged developer AI assistants, according to StepSecurity
Socket has identified a new malware loader called XORIndex incorporated into malicious packages published to the npm registry, with over 9000 downloads so far
A newly discovered malware campaign uses malicious npm packages to deploy reverse shells, compromising development environments
SecurityScorecard has uncovered a sophisticated campaign linked to North Korea’s Lazarus Group, distributing crypto-stealing malware
Cryptomining malware hits popular npm packages rspack and vant, posing risks to open source tools
Phylum said the attack demonstrated a carefully crafted development cycle
Reversing Labs said aabquerys was able to download second- and third-stage malware payloads
Kaspersky claims malware also steals card data