Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.
Microsoft says latest attack targets Leo Platform and RStreams packages, harvesting creds and going after more maintainers ...
JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
Red Hat hit by npm supply‑chain attack - here's how to stay safe ...
Microsoft links the recent Mastra AI npm supply chain attack to , a North Korean group known for cryptocurrency theft ...
Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
A malicious npm package has been caught impersonating one of the JavaScript ecosystem's most widely used build tools. The ...
Sign up with your email below to instantly access member features, newsletters and exclusive Insider perks ...
Three JavaScript packages have been removed from the npm portal on Thursday for containing malicious code. According to advisories from the npm security team, the three JavaScript libraries opened ...
Researchers continue to investigate a wave of malicious npm packages, with the published tally now reaching over 700. Last week, JFrog researchers disclosed the scheme in which an unknown threat actor ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results