Latest news

Bitwarden CLI npm Package Compromised in Sophisticated GitHub Actions Supply Chain Attack
Malware

Bitwarden CLI npm Package Compromised in Sophisticated GitHub Actions Supply Chain Attack

28 April 2026 dark6

Security researchers at Socket have confirmed that the official Bitwarden CLI npm package (version 2026.4.0) was tampered with via a...
Read more 0
Malicious npm Package js-logger-pack Turns Hugging Face Into Malware CDN and Data Exfiltration Backend
Malware

Malicious npm Package js-logger-pack Turns Hugging Face Into Malware CDN and Data Exfiltration Backend

24 April 2026 dark6

JFrog Security researchers have uncovered a malicious npm package, js-logger-pack, that uses Hugging Face as both a malware delivery network...
Read more 0
Sophisticated npm malware campaign exploits Cross-Ecosystem typosquatting
Malware

Sophisticated npm malware campaign exploits Cross-Ecosystem typosquatting

3 May 2025 securebulletin.com

A coordinated malware operation targeting npm employs cross-ecosystem typosquatting to mimic popular libraries from Python, Java, C++, and .NET ecosystems....
Read more 0
Malicious NPM packages targeting PayPal users: a recap analysis
Malware

Malicious NPM packages targeting PayPal users: a recap analysis

12 April 2025 securebulletin.com

FortiGuard Labs recently uncovered a series of malicious NPM packages designed to steal sensitive information from compromised systems. These packages,...
Read more 0
North Korean hackers targeting NPM packages
Spyware

North Korean hackers targeting NPM packages

3 September 2024 dark6

In recent weeks, the cybersecurity landscape has witnessed a concerning uptick in malicious activities targeting developers through compromised NPM (Node...
Read more 0