Bleeping Computer

npm packages caught serving TurkoRAT binaries that mimic NodeJS

Researchers have discovered multiple npm packages named after NodeJS libraries that even pack a Windows executable that resembles NodeJS but instead drops a sinister trojan. These packages, given ...
CSOonline

Malicious code in the Node.js npm registry shakes open source trust model

Bad actors using typo-squatting place 39 malicious packages in npm that went undetected for two weeks. How should the open source community respond? Software development relies heavily on trust, ...
ZDNet

Malicious npm packages caught installing remote access trojans

The security team behind the "npm" repository for JavaScript libraries removed two npm packages this Monday for containing malicious code that installed a remote access trojan (RAT) on the computers ...
Bleeping Computer

NPM supply-chain attack impacts hundreds of websites and apps

An NPM supply-chain attack dating back to December 2021 used dozens of malicious NPM modules containing obfuscated Javascript code to compromise hundreds of downstream desktop apps and websites. As ...
techtimes

Warning: Malicious JavaScript Library Posing as Twilio-Related Libraries Opens Vulnerabilities to Programmers' Computer

The npm security team has just recently removed a malicious JavaScript library from the npm website that contains malicious code that can be used for opening backdoors on certain programmers' ...
ZDNet

Hacker backdoors popular JavaScript library to steal Bitcoin funds

A hacker has gained (legitimate) access to a popular JavaScript library and has injected malicious code that steals Bitcoin and Bitcoin Cash funds stored inside BitPay's Copay wallet apps. The ...
heise online

Web security: With content security policy against cross-site scripting, part 1

Cross-site scripting (XSS) remains a serious threat, even though the most commonly used front-end frameworks come with many security functions as standard. Frameworks such as React or Angular offer ...