Malicious node-ipc versions published to npm in suspected maintainer account compromise
Source
SnykMalicious node-ipc versions published to npm in suspected maintainer account compromisesnyk.ioYou might also wanna read
Popular npm packages debug and chalk compromised with crypto-intercepting malware
Starting September 8th, 2023, the popular npm packages "debug" and "chalk" were compromised with malicious code. These packages, which colle
aikido.dev·10mo agoNPM Vulnerability Allows 126 Malicious Packages to Be Downloaded 86,000+ Times
Security researchers have discovered a major vulnerability in NPM (Node Package Manager) that allows attackers to distribute malicious packa
arstechnica.com·8mo agoAttacker publishes 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
A single npm user published 14 malicious packages over four hours, impersonating popular OpenSearch, Elasticsearch, DevOps, and environment-
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
A threat actor using the alias vpmdhaj published 14 malicious npm packages within four hours, impersonating legitimate OpenSearch, Elasticse
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
A threat actor using the alias vpmdhaj published 14 malicious npm packages within four hours, impersonating legitimate OpenSearch, Elasticse
Security Alert: Malicious Nx Packages Published to npm Containing Credential-Stealing Code
Malicious versions of the Nx package and several supporting plugins were published to npm, containing code that scans file systems, collects
DuckDB npm packages 1.3.3 and 1.29.2 compromised with cryptocurrency-targeting malware
The DuckDB npm packages (duckdb, @duckdb/node-api, @duckdb/node-bindings, and duckdb-async) were compromised with malware in versions 1.3.3

Comments
Sign in to join the conversation.
No comments yet. Be the first.