News

The Hacker News

40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials

The malicious JavaScript code ("bundle.js") injected into each of the trojanized package is designed to download and run TruffleHog, a legitimate secret scanning tool, using it to scan the host for ...

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...

Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...

Ethereum smart contracts quietly push javascript malware targeting developers

Hackers are using Ethereum smart contracts to conceal malware payloads inside seemingly benign npm packages, a tactic that ...