Yahoo

North Korean hackers are using malicious npm packages to target developers

Add Yahoo as a preferred source to see more of our stories on Google. North Korean state-sponsored threat actors were observed pushing malicious packages into the npm registry, in an attempt to ...
Bleeping Computer

Blockchain dev's wallet emptied in "job interview" using npm package

A blockchain developer shares his ordeal over the holidays when he was approached on LinkedIn by a "recruiter" for a web development job. The recruiter in question asked the developer to download npm ...
Hosted on MSN

New NPM supply-chain attack compromises major ENS and crypto libraries

A major JavaScript supply-chain attack has compromised hundreds of software packages — including at least 10 used widely across the crypto ecosystem — according to new research from cybersecurity firm ...
Bleeping Computer

Malicious Rspack, Vant packages published using stolen NPM tokens

Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers.
TheStreet.com

How to stay safe if you’re using MetaMask, Phantom, Trust or any crypto wallet from NPM attack

A new cyberattack has put millions of crypto users on alert after hackers slipped malicious code into NPM, the software registry that powers thousands of apps and websites, including many tied to ...
Dark Reading

GitHub Aims to Secure Supply Chain as NPM Hacks Ramp Up

GitHub this week committed to a more secure NPM supply chain in the wake of a handful of attacks causing widespread compromise. On Sept. 22, GitHub senior director of security research Xavier ...
InfoWorld

Deno adds support for private NPM registries

Deno Land has released Deno 1.44, the latest version of the JavaScript, TypeScript, and WebAssembly runtime rivaling Node.js. The upgrade adds support for private NPM registries, letting developers ...