Bleeping Computer

NPM nukes NodeJS malware opening Windows, Linux reverse shells

NPM has removed multiple packages hosted on its repository this week that established connection to remote servers and exfiltrated user data. These 4 packages had collected over 1,000 total downloads ...

Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub

Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in ...
ZDNet

Show-stopping bug appears in npm Node.js package manager

Are you a developer who uses npm as the package manager for your JavaScript or Node.js code? If so, do not -- I repeat do not -- upgrade to npm 5.7.0. Nothing good can come of it. As one user reported ...
Security Boulevard

FAQ About Sha1-Hulud 2.0: The “Second Coming” of the npm Supply-Chain Campaign

Sha1-Hulud malware is an aggressive npm supply-chain attack compromising CI/CD and developer environments. This blog addresses frequently asked questions and advises cloud security teams to ...
Finextra

Why is Node.js the Top Choice for Building Enterprise-Grade Web Applications?

Javascript has left no stone unturned when providing technological advancements in the digital world. The scripting programming language has drastically changed the web app development genre with its ...
Threat Post

NPM Package Steals Passwords via Chrome’s Account-Recovery Tool

In another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems via ChromePass. A credentials-stealing code bomb that uses legitimate password ...