In the light of recent supply chain attacks targeting the NPM ecosystem, GitHub will implement tighter authentication and ...

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...

It is possible that the attackers behind this attack are the same ones as last time. Their malicious code bears the name of a prominent science fiction monster.

"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...

A new supply-chain attack compromised at least 187 npm packages, targeting developer secrets across software projects ...

Researchers have discovered multiple npm packages named after NodeJS libraries that even pack a Windows executable that resembles NodeJS but instead drops a sinister trojan. These packages, given ...

In light of recent cyberattacks and growing security concerns, GitHub is taking immediate and direct action to secure the ...

A new piece of malware is spreading through the popular tinycolor NPM library and more than 300 other packages, some of which ...

NPM has removed multiple packages hosted on its repository this week that established connection to remote servers and exfiltrated user data. These 4 packages had collected over 1,000 total downloads ...

The credential stealer harvested username, password, and 2FA codes before sending them to a remote host. With full access, the attacker republished every "qix" package with a crypto-focused payload.