Microsoft says latest attack targets Leo Platform and RStreams packages, harvesting creds and going after more maintainers ...
JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
Microsoft links the recent Mastra AI npm supply chain attack to , a North Korean group known for cryptocurrency theft ...
For a few critical days at the end of April 2026, thousands of developers building SAP integrations unknowingly handed their passwords and cloud credentials to attackers. Four widely used npm packages ...
Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers' systems. The campaign targeted multiple ...
Neither npm’s parent company nor Microsoft has publicly confirmed details about the fake Teams update method or provided an independent timeline of the compromise. The available reporting draws ...
The NPM JavaScript registry has experienced a jump in malware, including packages related to data theft, crypto mining, botnets, and remote code execution, according to security company WhiteSource.