News

Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated ...
The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...
The malicious JavaScript code ("bundle.js") injected into each of the trojanized packages is designed to download and run ...
Threat actors injected malicious code into multiple popular NPM packages after their maintainers fell for a well-crafted ...
In a similar style to the Nx attack, the payload then publishes a new repo via the victim's GitHub account, dropping stolen ...
Two billion downloads per week. That’s the download total for the NPM packages compromised in a supply-chain attack this ...
An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...
JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.
The largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, ...
During the two-hour window on Monday in which hijacked npm versions were available for download, malware-laced packages ...
Hackers injected malicious code into nearly a dozen 20 NPM packages with billions of weekly downloads in a software supply chain attack after phishing a maintainer’s account.
It is possible that the attackers behind this attack are the same ones as last time. Their malicious code bears the name of a prominent science fiction monster.