Hulud-like Sandworm_Mode supply chain attack targets NPM developers to steal secrets and poison AI assistants.

North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT ...

Ethereum smart contracts used to hide URL to secondary malware payloads in an attack chain triggered by a malicious GitHub repo. Attackers behind a recent supply chain attack that involved rogue ...

The malicious version of Cline's npm package — 2.3.0 — was downloaded more than 4,000 times before it was removed.

Multiple npm packages published by the crypto exchange, dYdX, and used by at least 44 cryptocurrency projects appear to have been compromised. Powered by the Ethereum blockchain, dydX is a ...

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...

The npm registry now includes Socket security analysis links directly on package pages to help developers assess supply chain risks.

An NPM supply-chain attack dating back to December 2021 used dozens of malicious NPM modules containing obfuscated Javascript code to compromise hundreds of downstream desktop apps and websites. As ...

In today’s 2 Minute Tech Briefing, AI is speeding cyberattacks, cutting breach-to-exfiltration to 72 minutes. A compromised npm token slipped OpenClaw into the Cline CLI, granting wide system and chat ...