Latest News for: npm

GitHub finally pulls the plug on automatic install script execution for npm

InfoWorld 11 Jun 2026
The ability for attackers to leverage automatic install script execution in npm will finally come to an end when expected changes arrive from GitHub in July ... “Npm is not inventing a new doctrine.

GitHub pulls pin on npm's auto-run scripts

The Register 10 Jun 2026
GitHub will change npm's defaults so the install command no longer runs scripts automatically, disabling a feature commonly exploited by malicious packages such as the notorious Shai-Hulud worm ... Will this fix npm security issues? Unfortunately not.

IronWorm malware plants rootkit in Arweave ecosystem npm libraries

Cryptopolitan 06 Jun 2026
Attackers planted an infostealer inside 36 npm packages linked to the Arweave ecosystem ... It activates the moment a developer installs an npm package ... All a victim had to do was run npm install ... Malware attacks keep hitting npm.

New IronWorm Malware Hits 36 Packages In npm Supply-Chain Attack

Slashdot 04 Jun 2026
A new npm supply-chain attack has infected 36 packages with Rust-based infostealer malware called IronWorm ... The Rust-based malware self-propagates by using stolen credentials for publishing on npm; ...

npm worm exploits hidden build trigger

The Arabian Post 04 Jun 2026
gyp file to trigger execution during npm install, rather than relying on the preinstall or postinstall scripts that many security tools already monitor ...

Microsoft Warns Crypto Wallets Face New npm Trojan Risk

BTC Manager 03 Jun 2026
Microsoft warns two npm packages deploy a RAT that steals crypto wallet credentials, screenshots and keystrokes via Hugging Face ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe

ZDNet 03 Jun 2026
Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its own. Here's what you can do about it ...

Microsoft Uncovers Crypto-Stealing Malware Lurking in Popular npm Packages

Crypto Economy 03 Jun 2026
TL;DR Microsoft identified two compromised npm packages that secretly distributed malware capable of stealing cryptocurrency wallet credentials, keystrokes, screenshots, and other sensitive information.

Microsoft Flags Two Malicious npm Packages Targeting Crypto Wallets

Coin Edition 03 Jun 2026
Microsoft flagged two malicious npm packages abusing Hugging Face APIs ... The incident highlights ongoing npm supply chain risks targeting crypto users ...

Red Hat npm breach exposes cloud secrets

The Arabian Post 03 Jun 2026
Attackers have compromised Red Hat’s official @redhat-cloud-services namespace on npm, inserting credential-stealing malware into dozens of package releases used in cloud console development and software build pipelines.

Compromised Red Hat npm packages downloaded over 80,000 times in one week – supply chain ...

TechRadar 02 Jun 2026
Security researchers spotted a new campaign using the same methods as TeamPCP ...

SlowMist: Red Hat cloud services npm packages hit by active supply-chain attack; stolen credentials found in more than 300 GitHub repositories

BitRSS 02 Jun 2026
ChainCatcher reports that SlowMist has issued a security alert after detecting an active npm supply-chain attack targeting packages related to @redhat-cloud-services. Confirmed so far: 31+ ...

Infected Red Hat npm packages expose developer credentials

InfoWorld 02 Jun 2026
Developers who pulled packages from Red Hat’s @redhat-cloud-services npm namespace over the weekend got a secret-stealing worm instead ... in software supply chain attacks targeting the npm ecosystem.

OpenAI Codex tool with over 29,000 downloads linked to malicious npm supply chain attack stealing ...

TechRadar 01 Jun 2026
A tool started benign and turned sour after a little while, stealing tokens and granting persistent access ...