ZDNet

Malicious npm packages are stealing Discord tokens

While robust passwords help you secure your valuable online accounts, hardware-based two-factor authentication takes that security to the next level. Read now DevOps security firm JFrog discovered 17 ...
The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...
Dark Reading

Axios NPM Package Compromised in Precision Attack

The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North ...
Hosted on MSN

Malicious npm packages use devious backdoors to target users

Security researchers from Reversing Labs find two malicious packages on npm These serve as downloaders and target software developers building on the Ethereum blockchain The malware opens a reverse ...
Infosecurity-magazine.com

Malicious Npm Package Uses Typosquatting, Downloads Malware

A package called “aabquerys” has been spotted on the open-source JavaScript npm repository using typosquatting techniques to enable the download of malicious components. The findings come from ...
Infosecurity-magazine.com

Npm Packages Used to Distribute Phishing Links

Threat actors have been observed uploading over 15,000 spam packages to the npm open-source JavaScript repository from multiple user accounts within hours. The claims come from JavaScript developer ...
Hosted on MSN

Hundreds of malware-laden fake npm packages posted online to try and trick developers

Software developers, especially those working with cryptocurrencies, are once again facing a supply chain attack via open source code repositories. Cybersecurity researchers from Phylum have warned a ...
Dark Reading

Malicious npm Packages Scarf Up Discord Tokens, Credit Card Info

Four packages containing highly obfuscated malicious Python and JavaScript code were discovered this week in the Node Package Manager (npm) repository. According to a report from Kaspersky, the ...
Threat Post

Malicious npm Code Packages Built for Hijacking Discord Servers

The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases. A series of malicious packages in the Node.js package manager (npm) code ...
InfoQ

Anthropic Accidentally Exposes Claude Code Source via npm Source Map File

Anthropic's Claude Code CLI had its full TypeScript source exposed after a source map file was accidentally included in ...
Techzine Europe

North Korea behind social engineering attack on Axios project

The maintainer of the popular npm package Axios has revealed how attackers were able to take over his account and ...
SD Times

Shai-Hulud is back with a new campaign infecting more npm packages

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...