News
Malicious npm packages targeting Cursor macOS users stole credentials and disabled updates, impacting 3,200+ downloads.
Three NPM packages posing as developer tools for Cursor AI code editor’s macOS version contain a backdoor, researchers warn.
Developers adept at multiple coding languages are tricked into installing a familiar-sounding package from within the Node ...
Researchers have found malicious software that received more than 6,000 downloads from the NPM repository over a two-year span, in yet another discovery showing the hidden threats users of such open ...
A malicious package in the Node Package Manager index uses invisible Unicode characters to hide malicious code and Google ...
Supply chain attack compromises the popular rand-user-agent scraping NPM package to deploy and activate a backdoor.
Hosted on MSN29d
Ripple NPM supply chain attack hunts for private keysThe NPM package, xrpl, is a JavaScript/TypeScript ... being called by various functions to steal private keys. Analysis of the different versions the attacker(s) released showed signs of ...
Many Hackaday readers will be familiar with npm (Node Package Manager), one of the backbones of the open-source JavaScript community. If you’ve played around with any kind of web or JavaScript p ...
Researchers at software supply chain management firm Sonatype have warned that attackers are increasingly using malicious 'typosquatting' packages infiltrating open source repositories to steal ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback