Malicious npm packages posing as n8n community nodes were used to steal OAuth tokens by abusing trusted workflow integrations ...
Researchers discovered malicious npm packages posing as n8n integrations, exfiltrating OAuth tokens and API keys from ...
Cryptopolitan on MSN
Cybersecurity researchers uncover fake Bitcoin npm packages that steal crypto wallets and seeds
Researchers at Zscaler ThreatLabz have found three malicious Bitcoin npm packages that are meant to implant malware named ...
The popular npm package "is" was infected with cross-platform malware, around the same time that linting utility packages used with the prettier code formatter were infected with Windows-only malware.
A dramatic spike in npm-focused intrusions shows how attackers have shifted from opportunistic typosquatting to systematic, credential-driven supply chain compromises — exploiting CI systems, ...
A critical CVSS 9.2 flaw in AdonisJS bodyparser lets attackers write arbitrary files via path traversal when uploads are ...
A 'logical flaw' in the npm registry enabled authors of malicious packages to quietly add anyone and any number of users as 'maintainers' to their packages in an attempt to boost the trust in their ...
The NPM JavaScript registry has experienced a jump in malware, including packages related to data theft, crypto mining, botnets, and remote code execution, according to security company WhiteSource.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback