Multiple npm packages published by the crypto exchange, dYdX, and used by at least 44 cryptocurrency projects appear to have been compromised. Powered by the Ethereum blockchain, dydX is a ...
Taking over WhatsApp accounts "The package wraps the legitimate WebSocket client that communicates with WhatsApp. Every ...
Shai Hulud is a malware campaign first observed in September targeting the JavaScript ecosystem that focuses on supply chain ...
The return of the Shai-Hulud supply chain attack was dubbed 'The Second Coming' shortly after the first warning about it on ...
Malicious npm package posing as a WhatsApp Web API library operated for months as a functional dependency while stealing ...
Nx is the latest target of a software supply chain attack in the NPM ecosystem, with multiple malicious versions being uploaded to the NPM registry on Tuesday evening.… According to researchers at Wiz ...
A malicious npm WhatsApp library with 56,000 downloads secretly stole messages, credentials, and contacts in a sophisticated ...
Security researchers discovered a fake WhatsApp API package on npm that steals developer credentials, raising fresh alarms ...
Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers.
A targeted supply chain attack involving the widely used npm package @lottiefiles/lottie-player has been uncovered, highlighting vulnerabilities in software ...
Here at Hackaday we love the good kinds of hacks, but now and then we need to bring up a less good kind. Today it was learned that the NPM package ua-parser-js was compromised, and any software using ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback