Dark Reading

Supply Chain Attack Deploys Hundreds of Malicious NPM Modules to Steal Data

A routine scan of the NPM open source code repository in April turned up several packages using a JavaScript obfuscator to hide their true function. After further investigation, analysts with ...
Infosecurity-magazine.com

Malicious Npm Package Uses Typosquatting, Downloads Malware

A package called “aabquerys” has been spotted on the open-source JavaScript npm repository using typosquatting techniques to enable the download of malicious components. The findings come from ...
Dark Reading

Malicious npm Package Poses as Tailwind Tool

A malicious package in the npm open source code repository is hitching a social engineering ride on the "Tailwind" legitimate software library tool, which millions of application developers use around ...
MyBroadband

Researchers discover rogue Node.js packages stealing data

Security researchers from ReversingLabs discovered that 25 software packages available through the node package manager (NPM) have been stealing end-user data. NPM is the world’s largest open-source ...