Backdoored node-ipc npm releases steal developer credentials through DNS queries
1mo ago
Source
DatadogBackdoored node-ipc npm releases steal developer credentials through DNS queriesdatadoghq.comAn analysis of backdoored node-ipc npm releases that add an obfuscated credential collection and DNS exfiltration payload to the CommonJS entrypoint.
You might also wanna read
Why npm lockfiles can be a security blindspot for injecting malicious modules
Snyk·6y ago
Security Alert: Malicious Nx Packages Published to npm Containing Credential-Stealing Code
Malicious versions of the Nx package and several supporting plugins were published to npm, containing code that scans file systems, collects

Malicious node-ipc versions published to npm in suspected maintainer account compromise
Snyk·1mo ago
NPM Vulnerability Allows 126 Malicious Packages to Be Downloaded 86,000+ Times
Security researchers have discovered a major vulnerability in NPM (Node Package Manager) that allows attackers to distribute malicious packa
arstechnica.com·8mo agoRed Hat npm supply chain attack compromises 32 packages with credential-stealing malware
A supply chain attack targeted Red Hat's npm namespace (@redhat-cloud-services), with 96 compromised versions across 32 packages backdoored
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
A threat actor using the alias vpmdhaj published 14 malicious npm packages within four hours, impersonating legitimate OpenSearch, Elasticse
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
A threat actor using the alias vpmdhaj published 14 malicious npm packages within four hours, impersonating legitimate OpenSearch, Elasticse

Comments
Sign in to join the conversation.
No comments yet. Be the first.