A malicious npm package posing as a WhatsApp API intercepts messages, steals credentials, and links attacker devices after 56 ...
The lotusbail NPM package steals WhatsApp credentials, messages, and contacts, and provides persistent access to the victims’ accounts.
A spate of supply chain attacks forces GitHub’s npm to revoke ‘classic’ tokens. Despite this, larger worries about developer ...
Critical n8n flaw CVE-2025-68613 (CVSS 9.9) lets authenticated users run arbitrary code; versions 0.211.0–1.120.4 affected, ...
Shai Hulud is a malware campaign first observed in September targeting the JavaScript ecosystem that focuses on supply chain ...
North Korean hackers intensify their efforts against blockchain and Web3 developers, using nearly 200 malicious npm packages in the ongoing Contagious Interview hacking campaign.
North Korea's 'Contagious Interview' campaign to target job seekers has expanded yet again, this time with a persistent npm package-poisoning game that runs like a well-oiled machine. Threat actors ...
Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign. The malicious ...
A new worm is infecting NPM packages en masse and stealing credentials. The code of the malware contains the identifier “SHA1HULUD,” which is why security analysts are calling it “Shai-Hulud 2.0.” ...
The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM (Node Package Manager) registry and publishing stolen data in 30,000 GitHub ...
An activist group has claimed to have scraped millions of tracks from Spotify and is preparing to release them online.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback