According to Socket, malicious payment SDK packages on npm and PyPI are harvesting developer credentials and CI/CD ...
Malicious packages on the Node Package Manager (npm) and the Python Package Index (PyPI) delivered stealer malware to ...
Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
Malicious npm packages mimicking Rollup polyfill tooling steal browser data, crypto wallets, and AI tool credentials in a Lazarus-linked campaign.
A new research brief released by the Brookings Institution Monday takes a hard look at the best practices used by the community colleges that provide the most credentials of value. Researchers used ...
Researchers have uncovered a new Shai-Hulud malware variant that now also gathers Google Cloud and Azure identities, an addition to its previous credential-snatching behavior. Developers who pulled ...
Researchers have uncovered a new Shai-Hulud malware variant targeting Red Hat-related npm packages, spreading through software publishing ecosystems for persistence and credential theft. Developers ...
Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, where it pilfers sensitive credentials in hopes of stealing yet more ...
Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...
Microsoft has identified an active supply chain attack targeting the @antv node package manager (npm) package ecosystem. A threat actor compromised an @antv maintainer account and published malicious ...
Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv ecosystem as part of the ongoing Mini ...
Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. The node-ipc ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results