NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by bitcoin wallets. A major NPM developer, qix, has had their account compromised.
The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
The NPM JavaScript registry has experienced a jump in malware, including packages related to data theft, crypto mining, botnets, and remote code execution, according to security company WhiteSource.
Microsoft says latest attack targets Leo Platform and RStreams packages, harvesting creds and going after more maintainers ...
With npm v12, GitHub closes a central attack vector: installation scripts from dependencies will only run after explicit approval from July 2026.
TEL AVIV, Israel and BOSTON, Feb. 2, 202/PRNewswire/ --WhiteSource, a leader in open source security and management, today released a new threat report based on malicious activity found in npm, the ...
Results that may be inaccessible to you are currently showing.
Hide inaccessible results