Robuta

https://thehackernews.com/2022/10/lofygang-distributed-200-malicious-npm.html
LofyGang Distributed ~200 Malicious NPM Packages to Steal Credit Card Data
A hacker group called LofyGang distributed nearly 200 trojanized packages on the NPM open source repository that steals credit card information.

https://www.aikido.dev/protect/safe-chain
Stop Malicious npm Packages | Aikido Safe Chain
Prevent developers from installing malicious code. Free to use, no tokens required

https://threatpost.com/malicious-npm-discord/180327/
Malicious Npm Packages Tapped Again to Target Discord Users | Threatpost
Jul 29, 2022 - Recent LofyLife campaign steals tokens and infects client files to monitor various user actions, such as log-ins, password changes and payment methods.

https://research.jfrog.com/post/ghostclaw-unmasked/
GhostClaw Unmasked: A Malicious npm Package Impersonating OpenClaw to Steal Everything - JFrog...
The JFrog Security research team has identified a malicious npm package named @openclaw-ai/openclawai. This package masquerades as a legitimate CLI tool called

https://pastebin.com/P92bU5fb?source=archive
Manipulated File in Malicious NPM Packages - Pastebin.com
Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.

https://safedep.io/malicious-js-logger-pack-npm-stealer/
Malicious npm Package js-logger-pack Ships a Multi-Platform WebSocket Stealer - Real-time Open...
js-logger-pack spent three weeks on npm evolving from a probe into a full infostealer and then a binary dropper. Early versions installed an SSH backdoor,...

https://www.spartechsoftware.com/cybersecurity-news/ai-generated-malicious-npm-package-targets-solana-wallets-drains-crypto-from-1500-users-before-being-taken-down/
AI-generated malicious npm package targets Solana wallets. Drains crypto from 1,500 users before...
Aug 1, 2025 - A newly discovered, AI-generated malicious npm package targeting Solana wallet users has resulted in significant cryptocurrency losses before it was taken...

https://safedep.io/malicious-npm-strapi-plugin-events-c2-agent/
Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2 -...
A coordinated campaign of thirty-six malicious npm packages published by four sock-puppet accounts (umarbek1233, kekylf12, tikeqemif26, and umar_bektembiev1)...

https://www.infosecurity-magazine.com/news/malicious-npm-packages-steal/
Malicious Npm Packages Designed to Steal Discord Tokens - Infosecurity Magazine
Jun 11, 2025 - Kaspersky claims malware also steals card data

https://www.csoonline.com/article/4162257/malicious-pgserve-automagik-developer-tools-found-in-npm-registry-2.html
Malicious pgserve, automagik developer tools found in npm registry | CSO Online
Apr 22, 2026 - Fake packages aim to steal data, credentials, and secrets, and to infect every package created using them, in what could be ‘a complete organizational...

https://www.infosecurity-magazine.com/news/indonesianfoods-npm-worm-44000/
“IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages - Infosecurity Magazine
Mar 17, 2026 - A new npm worm dubbed “IndonesianFoods” has doubled the number of known malicious packages

https://www.sonatype.com/blog/axios-compromise-on-npm-introduces-hidden-malicious-package
Axios Compromise on npm Introduces Hidden Malicious Package
Apr 2, 2026 - Malicious axios versions introduced a hidden dependency, exposing systems via npm supply chain attack, targeting trusted packages and dependencies.

https://www.stepsecurity.io/blog/pgserve-compromised-on-npm-malicious-versions-harvest-credentials
CanisterSprawl: pgserve Compromised on npm: Malicious Versions Harvest Credentials and Exfiltrate...
On April 21, 2026, malicious versions of pgserve were published to npm. pgserve is an embedded PostgreSQL server for development — zero config,...

https://safedep.io/malicious-velora-dex-sdk-npm-compromised-rat/
Malicious @velora-dex/sdk Delivers Go RAT via npm - Real-time Open Source Software Supply Chain...
Version 9.4.1 of @velora-dex/sdk, a DeFi SDK with ~2,000 weekly downloads, was compromised to deliver a Go-based remote access trojan (minirat) targeting macOS...

https://www.infoworld.com/article/4162198/malicious-pgserve-automagik-developer-tools-found-in-npm-registry.html
Malicious pgserve, automagik developer tools found in npm registry | InfoWorld
Apr 22, 2026 - Fake packages aim to steal data, credentials, and secrets, and to infect every package created using them, in what could be ‘a complete organizational...