Lookalike npm Package Hides a Multi-Stage Windows RAT
JFrog found an npm package impersonating postcss-selector-parser to drop a multi-stage Windows RAT
Node.js security covers vulnerabilities, dependency risks, and runtime defenses that can affect server-side applications and their data.
Search across headline titles and summaries.
Background for this topic.
Node.js is an open-source, cross-platform runtime that executes JavaScript outside a web browser, using Google’s V8 engine. Its event-driven, non-blocking input/output model is widely used for web servers, APIs, command-line tools, and backend services. The runtime is not itself an application framework; security outcomes depend substantially on the code and modules running within it.
Security concerns include vulnerabilities in the Node.js runtime, insecure application logic such as injection or server-side request forgery, and risks from the large npm dependency ecosystem. Malicious or compromised packages, unsafe install scripts, transitive dependencies, and prototype-pollution flaws can expand an application’s attack surface. Practitioners should track runtime and package advisories, use lockfiles and dependency review, restrict package-install and process permissions where practical, validate untrusted input, and protect credentials and session data. During incidents, dependency inventories and build records help determine whether a vulnerable module or runtime was deployed.
Weekly headline count for the current query.
JFrog found an npm package impersonating postcss-selector-parser to drop a multi-stage Windows RAT
NPM, part of GitHub, announced a new version of the npm package manager with several security improvements, including disabling install scripts
Attackers backdoored 32 packages in Red Hat's official npm scope to steal cloud and CI secrets
Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator
Mini Shai-Hulud worm hits Alibaba AntV ecosystem in largest npm supply chain wave to date
Mini Shai-Hulud compromises TanStack npm packages and spreads across PyPI
Researchers uncover a malicious npm dependency linked to an AI‑assisted code commit that steals sensitive data and exposes crypto wallets
Malicious npm packages spread via worm-like propagation and steal developer credentials
Threat actors hijacked the popular npm package axios to spread RAT malware after compromising an open‑source maintainer’s account, researchers warn
Ghost npm campaign fakes install logs to steal sudo passwords and drop RATs that loot crypto and data
Supply chain worm mimicking Shai-Hulud malware spread via malicious npm packages, targeting AI tools has been identified by security researchers
A new campaign involving 19 malicious Visual Studio Code extensions used a legitimate npm package to embed malware in dependency folders
Malicious npm package targets AI security with misleading prompts, exploiting automated analysis
A new version of the Shai-Hulud worm has infected hundreds of npm packages and caused disruption to global CI/CD workflows
A new malware campaign has been observed built on seven npm packages and using cloaking techniques and fake CAPTCHAs, operated by threat actor dino_reborn
A new npm worm dubbed “IndonesianFoods” has doubled the number of known malicious packages
The ongoing ‘PhantomRaven’ malicious campaign has infected 126 npm packages to date, representing 86,000 downloads
The security researchers who discovered the malicious npm package called it the “first malicious MCP in the wild”
Malicious npm package Fezbox uses QR codes to steal credentials from browser cookies
A secret-stealing worm is spreading fast across the npm ecosystem, experts have warned