News

The Hacker News

Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack

The malicious JavaScript code ("bundle.js") injected into each of the trojanized package is designed to download and run ...

Self-propagating supply chain attack hits 187 npm packages

Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated ...

Warning about data-stealer spreading through software used by millions of programmers

Security researchers worldwide are warning about a supply-chain attack on the Node Package Manager (NPM), where a ...
Security Boulevard

Self-Replicating Worm Compromising Hundreds of NPM Packages

Hulud" has compromised hundreds of packages in the npm repository with a self-replicating worm that steals secrets like API key, tokens, and cloud credentials and sends them to external servers that ...
TechJuice

Critical npm Supply Chain Attack Exposes Global Firms

NCERT warns of npm supply chain compromise affecting 18 packages, exposing enterprises to crypto theft, credential leaks, and ...

Breach of npm threatens billions of weekly downloads in JavaScript ecosystem

Earlier this week, the Npm package manager suffered what may be its worst security incident to date. Unknown cybercriminals ...

Massive npm hack poisons 18 packages with billions of downloads

Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after ...

Crypto stolen by hackers in largest NPM attack

Crypto intelligence platform Security Alliance released a report on Sep. 8 to reveal that Ethereum and Solana wallets have ...
CPO Magazine

Supply Chain Attack Infects Nearly 20 Popular NPM Packages with Billions of Weekly Downloads

Hackers injected malicious code into nearly a dozen 20 NPM packages with billions of weekly downloads in a software supply chain attack after phishing a maintainer’s account.