What is typosquatting and how typosquatting attacks are responsible for malicious modules in npm
Source
SnykWhat is typosquatting and how typosquatting attacks are responsible for malicious modules in npmsnyk.ioYou might also wanna read
Typosquatted npm Package Delivers Windows RAT with Encrypted C2 and Registry Persistence
A malware campaign targets Windows systems via a typosquatted npm package called postcss-minify-selector-parser, disguised as the legitimate
cybersecuritynews.com·13d agoSecurity Alert: Malicious Nx Packages Published to npm Containing Credential-Stealing Code
Malicious versions of the Nx package and several supporting plugins were published to npm, containing code that scans file systems, collects
Microsoft uncovers npm supply chain attack stealing cloud and CI/CD credentials via typosquatted packages
Microsoft identified an active supply chain attack (Mini Shai-Hulud campaign) targeting the npm package ecosystem. On May 28, 2026, a threat
176 malicious npm packages used dependency confusion to target internal dependencies and steal credentials
Sonatype researchers uncovered a campaign involving 176 malicious npm packages using a dependency confusion attack strategy. Attackers publi
Post-mortem Analysis of @ctrl/tinycolor npm Supply Chain Attack via GitHub Actions
A detailed post-mortem analysis of a supply chain attack on the @ctrl/tinycolor npm package. The attack occurred when a malicious GitHub Act
AI-Generated npm Package Leaks Its Own GitHub Token, Exposing Malware Operator
A malicious npm package named mouse5212-super-formatter, identified by OX Security, was caught leaking its own hardcoded GitHub token. This

Comments
Sign in to join the conversation.
No comments yet. Be the first.