CPO Magazine

North Korean Hackers Target Developers with Nearly 200 Malicious NPM Packages in “Contagious Interview” Hacking Campaign

North Korean hackers intensify their efforts against blockchain and Web3 developers, using nearly 200 malicious npm packages ...

Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets

The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM ...
InfoWorld

Did your npm pipeline break today? Check your ‘classic’ tokens

A spate of supply chain attacks forces GitHub’s npm to revoke ‘classic’ tokens. Despite this, larger worries about developer ...
Infosecurity Magazine

Malware Discovered in 19 Visual Studio Code Extensions

A new campaign involving 19 malicious Visual Studio Code extensions used a legitimate npm package to embed malware in ...
The Hacker News

Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools

Malicious npm package mimics an ESLint plugin, embeds an AI-tricking prompt, and steals environment variables via a ...
InfoWorld

A proactive defense against npm supply chain attacks

Supply chain risk is unavoidable, but not unmanageable. Proactively prevent supply chain attacks by embedding YARA into ...
How-To Geek on MSN

NPM packages are infected with malware, again

It keeps happening.
The Hacker News

Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data

Researchers found malicious VS Code extensions and Go, npm, and Rust packages stealing developer data via hidden payloads and exfiltration.

Malicious VSCode Marketplace extensions hid trojan in fake PNG file

A stealthy campaign with 19 extensions on the VSCode Marketplace has been active since February, targeting developers with ...