NPM Archives

Malware & Threats

Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack

Supply chain attack compromises the popular rand-user-agent NPM package to deploy and activate a backdoor.

Ionut Arghire5 days ago

Malware & Threats

Malicious NPM Packages Target Cursor AI’s macOS Users

Three NPM packages posing as developer tools for Cursor AI code editor’s macOS version contain a backdoor.

Ionut Arghire5 days ago

Malware & Threats

9-Year-Old NPM Crypto Package Hijacked for Information Theft

Nearly a dozen crypto packages on NPM, including one published 9 years ago, have been hijacked to deliver infostealers.

Ionut ArghireMarch 28, 2025

Malware & Threats

Snyk Says ‘Malicious’ NPM Packages Part of Research Project

Apparently malicious NPM packages linked to Snyk raised some concerns, but the security firm clarified that it’s part of a research project.

Eduard KovacsJanuary 14, 2025

Malware & Threats

Hundreds Download Malicious NPM Package Capable of Delivering Rootkit

Threat actor uses typosquatting to trick hundreds of users into downloading a malicious NPM package that delivers the r77 rootkit.

Ionut ArghireOctober 5, 2023

Malware & Threats

Dozens of Malicious NPM Packages Steal User, System Data

Fortinet warns of multiple malicious NPM packages that include install scripts designed to steal sensitive information.

Ionut ArghireOctober 3, 2023

Malware & Threats

Malicious NPM, PyPI Packages Stealing User Information

Security researchers are warning of a new wave of malicious NPM and PyPI packages designed to steal user information and download additional payloads.

Ionut ArghireFebruary 1, 2023

SECURITYWEEK NETWORK:

ICS:

All posts tagged "NPM"

Malware & Threats

Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack

Malware & Threats

Malicious NPM Packages Target Cursor AI’s macOS Users

Malware & Threats

9-Year-Old NPM Crypto Package Hijacked for Information Theft

Malware & Threats

Snyk Says ‘Malicious’ NPM Packages Part of Research Project

Malware & Threats

Hundreds Download Malicious NPM Package Capable of Delivering Rootkit

Malware & Threats

Dozens of Malicious NPM Packages Steal User, System Data

Malware & Threats

Malicious NPM, PyPI Packages Stealing User Information

Featured

Malware & Threats

Zero-Day Attacks Highlight Another Busy Microsoft Patch Tuesday

Data Protection

CISA Warns of Flaw in TeleMessage App Used by Ex-National Security Advisor

Mobile & Wireless

Apple Patches Major Security Flaws in iOS, macOS Platforms

Tracking & Law Enforcement

US Announces Botnet Takedown, Charges Against Russian Administrators

Ransomware

LockBit Ransomware Admin Panel Hacked, Leaks Reveal Inside Details

Vulnerabilities

Possible Zero-Day Patched in SonicWall SMA Appliances

ICS/OT

US Warns of Hackers Targeting ICS/SCADA at Oil and Gas Organizations

Latest News

Incident Response

Adobe Patches Big Batch of Critical-Severity Software Flaws

Uncategorized

Microsoft to Lay Off About 3% of Its Workforce

Threat Intelligence

Sharing Intelligence Beyond CTI Teams, Across Wider Functions and Departments

Vulnerabilities

SAP Patches Another Critical NetWeaver Vulnerability

Vulnerabilities

Radware Says Recently Disclosed WAF Bypasses Were Patched in 2023

Data Breaches

Marks & Spencer Says Data Stolen in Ransomware Attack

Nation-State

Output Messenger Zero-Day Exploited by Turkish Hackers for Iraq Spying

Daily Briefing Newsletter