Researchers outline how the PhantomRaven campaign exploits hole in npm to enable software supply chain attacks.

Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection.

An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal ...

Recently, security researchers Socket found 10 packages on npm targeting software developers, specifically those who use the ...

Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range of malicious actions on compromised hosts. "XWorm's modular design ...

More than 20 CrowdStrike NPM packages were among nearly 200 NPM packages hit by a sophisticated supply chain attack. The compromised packages were quickly removed and CrowdStrike said its Falcon ...

A potential npm supply chain disaster was averted in record time after attackers took over a verified developer’s credentials. On September 8, Josh Junon, a developer with over 1800 GitHub ...

Cybersecurity researchers have discovered a malicious npm package that comes with stealthy features to inject malicious code into desktop apps for cryptocurrency wallets like Atomic and Exodus on ...

When using Node.js v24.4.0 on Windows, not WSL, an error occurs during the installation of npm install npm warn deprecated [email protected]: This package is now ...

Two malicious npm packages have been found posing as legitimate utilities to silently install backdoors for complete production wipeout. According to Socket research, the packages “express-api-sync” ...

Node.js 24 has officially arrived, and it’s bringing a rather tasty selection of improvements to the table. If you’re a developer knee-deep in web apps or wrestling with asynchronous code, this ...