Malware & Threats Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack Supply chain attack compromises the popular rand-user-agent NPM package to deploy and activate a backdoor. Ionut Arghire5 days ago
Malware & Threats Malicious NPM Packages Target Cursor AI’s macOS Users Three NPM packages posing as developer tools for Cursor AI code editor’s macOS version contain a backdoor. Ionut Arghire5 days ago
Malware & Threats 9-Year-Old NPM Crypto Package Hijacked for Information Theft Nearly a dozen crypto packages on NPM, including one published 9 years ago, have been hijacked to deliver infostealers. Ionut ArghireMarch 28, 2025
Malware & Threats Snyk Says ‘Malicious’ NPM Packages Part of Research Project Apparently malicious NPM packages linked to Snyk raised some concerns, but the security firm clarified that it’s part of a research project. Eduard KovacsJanuary 14, 2025
Malware & Threats Hundreds Download Malicious NPM Package Capable of Delivering Rootkit Threat actor uses typosquatting to trick hundreds of users into downloading a malicious NPM package that delivers the r77 rootkit. Ionut ArghireOctober 5, 2023
Malware & Threats Dozens of Malicious NPM Packages Steal User, System Data Fortinet warns of multiple malicious NPM packages that include install scripts designed to steal sensitive information. Ionut ArghireOctober 3, 2023
Malware & Threats Malicious NPM, PyPI Packages Stealing User Information Security researchers are warning of a new wave of malicious NPM and PyPI packages designed to steal user information and download additional payloads. Ionut ArghireFebruary 1, 2023