npm Updates Supply Chain Security Measures Key Considerations for Users
In December 2025, npm implemented a significant authentication overhaul following the Sha1-Hulud incident to combat supply-chain attacks. Although this reform ...
Tag: npm
27 npm Packages Used for Phishing to Steal Credentials
Cybersecurity researchers have revealed a "sustained and targeted" spear-phishing campaign involving the publication of 27 malicious packages on the npm ...
Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys
A new set of four malicious packages has been identified in the npm package registry, designed to steal cryptocurrency wallet ...
Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets
Cybersecurity researchers have identified a malicious npm package named nodejs-smtp, which mimics the legitimate library nodemailer, to stealthily inject harmful ...
Malware Injected into 6 npm Packages After Maintainer Tokens Stolen in Phishing Attack
Cybersecurity researchers have reported a supply chain attack targeting popular npm packages through a phishing campaign aimed at stealing maintainers' ...
Over 3,200 Cursor Users Infected by Malicious Credential-Stealing npm Packages
Cybersecurity researchers have identified three malicious npm packages targeting the macOS version of the AI code editor Cursor, which have ...
News Summarized. Time Saved. Bite-sized news briefs for busy people. No fluff, just facts.