Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens. The supply …
Tag:
Packages
Safety & Security
Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials
by David Walker
Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the …
Safety & Security
10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux
by David Walker
Oct 29, 2025Ravie LakshmananMalware / Threat Intelligence Cybersecurity researchers have discovered a set of 10 malicious npm packages that are designed to deliver an information stealer targeting Windows, Linux, and …
Safety & Security
18 Popular Code Packages Hacked, Rigged to Steal Crypto – Krebs on Security
by David Walker
At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in …
Safety & Security
Self-Replicating Worm Hits 180+ Software Packages – Krebs on Security
by David Walker
At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, …
Safety & Security
Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers
by David Walker
Sep 03, 2025Ravie LakshmananMalware / Social Engineering Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum blockchain to …