cryptopolitan

Attackers trojanized Arweave’s WeaveDB npm package to deploy malware

A Rust infostealer called IronWorm hid in 36 npm packages from the Arweave ecosystem. The malware self-replicated and then pushed backdated malicious commits across nine organizations. Developers who ...
Microsoft

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The ...
Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Microsoft has identified an active supply chain attack targeting the @antv node package manager (npm) package ecosystem. A threat actor compromised an @antv maintainer account and published malicious ...
The Hacker News

Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer

Cybersecurity researchers have flagged a compromised version of the Nx Console extension that was published to the Microsoft Visual Studio Code (VS Code) Marketplace. The extension in question is ...