Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate " ...
Recently, security researchers Socket found 10 packages on npm targeting software developers, specifically those who use the ...
Researchers say the malware was in the repository for two weeks, advise precautions to defend against malicious packages.
The payload is triggered only between August 8, 2027, and November 29, 2028, and does two destructive things: randomly kills ...
Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component ...
An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal ...
Software supply chain security firm JFrog has disclosed the details of a critical vulnerability affecting a popular React ...
Researchers outline how the PhantomRaven campaign exploits hole in npm to enable software supply chain attacks.
Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection.
The ongoing ‘PhantomRaven’ malicious campaign has infected 126 npm packages to date, representing 86,000 downloads ...
Ten typosquatted npm packages (Jul 4, 2025) delivered a 24MB PyInstaller info stealer using 4 obfuscation layers; ~9,900 ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback