Over 46,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack
Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake...
registry
GlassWorm malware has resurfaced on the Open VSX registry
GlassWorm malware has resurfaced on the Open VSX registry Pierluigi Paganini November 10, 2025 GlassWorm malware resurfaces in Open VSX...
175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign
Oct 10, 2025Ravie LakshmananCybercrime / Malware Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm...
New supply chain attack hits npm registry, compromising 40+ packages
New supply chain attack hits npm registry, compromising 40+ packages Pierluigi Paganini September 16, 2025 Researchers uncovered a new supply...
Deceptive npm Package Aims at Atomic Wallet, Exodus Users by Interchanging Crypto Addresses
Perpetrators persist in uploading deceptive packages to the npm registry to manipulate existing local copies of authentic libraries to run...
Exploitation of Nine-Year-Old npm Components for Extracting API Keys Using Camouflaged Codes
A group of cybersecurity analysts identified a number of virtual currency components in the npm catalog that have been taken...
Deceitful npm Package Alters Local ‘ethers’ Library to Initiate Backdoor Infiltrations
Security experts have identified two malevolent bundles on the npm archive that have been crafted to corrupt another package installed...
PyPI Adds Archiving Status to Notify Users Regarding Unmaintained Python Packages
The caretakers of the Python Package Index (PyPI) repository have revealed a fresh capability that empowers package creators to mark...
Deceptive Tactics Aimed at Ethereum Developers by Cyber Threat Actors Using Counterfeit Hardhat npm Packages
A number of malicious packages have been uncovered on the npm registry by cybersecurity experts. These packages masquerade as the...
Deceptive Encoded NPM Bundle Camouflaged as an Etherium Utility Unleashes Quasar RAT
Security experts have found a malevolent bundle within the npm package database that pretends to be a toolkit for identifying...
