ZDNet

Malicious npm packages caught installing remote access trojans

The security team behind the "npm" repository for JavaScript libraries removed two npm packages this Monday for containing malicious code that installed a remote access trojan (RAT) on the computers ...
InfoWorld

GitHub bolsters NPM access control

New granular access tokens allow NPM package maintainers to restrict which packages, scopes, and organizations a token has access to. Looking to improve the safety and security of NPM JavaScript ...
Crowdfund Insider

Regtech SlowMist Analyzes Malicious Code Stealing Sensitive Keys, Private Information

Regtech firm SlowMist noted that recently, the NPM ecosystem experienced another large-scale package poisoning incident.

Shai-Hulud cyberattack hits over 25,000 npm projects, stealing developer credentials

A second wave of the Shai-Hulud supply-chain attack has struck the npm software ecosystem, affecting more than 25,000 ...
CSO Online

New Shai-Hulud worm spreading through npm, GitHub

The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, ...
InfoWorld

Contagious Interview attackers go ‘full stack’ to fool you

The originators of the Contagious Interview cyberattack campaign are stitching GitHub, Vercel, and NPM together into a ...
Dark Reading

Shai-hulud 2.0 Variant Threatens Cloud Ecosystem

The latest attack from the self-replicating npm-package poisoning worm can also steal credentials and secrets from AWS, ...
Crypto News

Massive NPM Supply-Chain Attack Targets ENS-Linked Libraries in Shai Hulud Breach

Shai-Hulud malware infiltrates 490 NPM packages, stealing API keys and credentials from ENS and major crypto development ...