Malicious npm Packages Impersonating Hyatt Internal Dependencies
Three malicious npm packages disguised as Hyatt internal dependencies were discovered using install hooks to execute malicious payloads. All packages share identical attack patterns and…
Read the full articleYou might also wanna read
176 malicious npm packages used dependency confusion to target internal dependencies and steal credentials
A 176-package npm malware campaign used dependency confusion and install-time scripts to steal credentials and compromise developer and CI/C
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
And then Microsoft busted them all
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
And then Microsoft busted them all

Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT
Meta description: Malicious versions of the Axios npm package (1.14.1 and 0.30.4) were published via a compromised maintainer account, injec

These aren’t the npm packages you’re looking for
Earlier in the year, over 500 malicious packages were released into the npm ecosystem to create dependency confusion. Let’s look at some way

Targeted npm dependency confusion attack caught red-handed
Once in a while we encounter a truly malicious package that has a purpose, means, and is production-ready — this is a story about one found
NPM Vulnerability Allows 126 Malicious Packages to Be Downloaded 86,000+ Times
Packages downloaded from NPM can fetch dependencies from untrusted sites.
arstechnica.com·8mo ago
Comments
Sign in to join the conversation.
No comments yet. Be the first.