141 npm Packages Abuse Registry as Adware Hosting
npm account terminal3airport published 141 packages containing a web proxy unblocker disguised as tutoring websites. The packages load popunder ads, external monetization scripts, and Google…
Read the full articleYou might also wanna read
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
And then Microsoft busted them all
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
And then Microsoft busted them all
Attacker publishes 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
A single npm user published 14 malicious packages impersonating OpenSearch/Elasticsearch libraries to steal AWS, Vault, and CI/CD secrets.

Phishing Campaign Leveraging the NPM Ecosystem
A new phishing campaign weaponizes NPM and the unpkg CDN. Over 175 throwaway packages are used to host scripts that redirect users to creden
NPM Vulnerability Allows 126 Malicious Packages to Be Downloaded 86,000+ Times
Packages downloaded from NPM can fetch dependencies from untrusted sites.
arstechnica.com·8mo agoMajor NPM Supply Chain Attack: Over 1,000 Packages Infected via Fake Bun Runtime
Over 1,000 NPM packages were infected using the same method as the previous attack, infecting with a fake Bun runtime. The attacker leverage
North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign
The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser

Comments
Sign in to join the conversation.
No comments yet. Be the first.