Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in ...

Trojanized npm packages spread new variant that executes in pre-install phase, hitting thousands within days A ...

The originators of the Contagious Interview cyberattack campaign are stitching GitHub, Vercel, and NPM together into a ...

North Korean attackers have delivered more than 197 malicious packages as part of ongoing state-sponsored activity to ...

The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, ...

Malicious npm package mimics an ESLint plugin, embeds an AI-tricking prompt, and steals environment variables via a ...

Regtech firm SlowMist noted that recently, the NPM ecosystem experienced another large-scale package poisoning incident.

Shai-Hulud malware infiltrates 490 NPM packages, stealing API keys and credentials from ENS and major crypto development ...

The attackers have learned from their mistakes and have now developed a more aggressive version of the worm. It has already ...

Automation flaw in CI/CD workflow let a bad pull request unleash worm into npm PostHog says the Shai-Hulud 2.0 npm worm compromise was "the largest and most impactful security incident" it's ever ...

Approximately 640 NPM packages have been infected with a new variant of the Shai-Hulud self-replicating worm in a fresh wave of attacks.