Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens. The supply …
Tag:
npm
Safety & Security
Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials
by David Walker
Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the …
A massive Shai-Hulud-style npm supply chain worm is hitting the software ecosystem, burrowing through developer machines, CI pipelines, and AI coding tools. Socket researchers uncovered the active attack campaign and …
Safety & Security
10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux
by David Walker
Oct 29, 2025Ravie LakshmananMalware / Threat Intelligence Cybersecurity researchers have discovered a set of 10 malicious npm packages that are designed to deliver an information stealer targeting Windows, Linux, and …
Safety & Security
Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers
by David Walker
Sep 03, 2025Ravie LakshmananMalware / Social Engineering Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum blockchain to …