All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

MAL-2026-10078: Malicious code in vybscan-testbed-inert-postinstall (npm)

The npm package 'vybscan-testbed-inert-postinstall' version 1.0.0 contains malicious code in its postinstall script. This script executes automatically during 'npm install' and collects the host…

Read the full article
3h agoen

You might also wanna read

Security Alert: Malicious Nx Packages Published to npm Containing Credential-Stealing Code

## Summary Malicious versions of the [`nx` package]( as well as some supporting plugin packages, were published to npm, containing code that

github.com·10mo ago

Typosquatted npm Package Delivers Windows RAT with Encrypted C2 and Registry Persistence

A newly discovered malware campaign is targeting Windows systems through a deceptive package on the npm registry. Disguised as a legitimate

cybersecuritynews.com·15d ago

Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries

And then Microsoft busted them all

theregister.com·1mo ago

Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries

And then Microsoft busted them all

theregister.com·1mo ago

176 malicious npm packages used dependency confusion to target internal dependencies and steal credentials

A 176-package npm malware campaign used dependency confusion and install-time scripts to steal credentials and compromise developer and CI/C

sonatype.com·1mo ago

Injective SDK on npm infected with cryptocurrency wallet stealer

Hackers compromised the Injective Labs SDK project's GitHub repository and used it to publish a malicious package on the Node Package Manage

BleepingComputer·16h ago

Fake Paysafe, Skrill SDKs on NPM and PyPi steal credentials

Malicious packages on the Node Package Manager (npm) and the Python Package Index (PyPI) delivered stealer malware to developers and users o

BleepingComputer·1d ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.