New malicious NPM packages have been discovered that install the njRAT remote access trojan that allows hackers to gain control over a computer. NPM is a JavaScript package manager that allows ...

The security team behind the "npm" repository for JavaScript libraries removed two npm packages this Monday for containing malicious code that installed a remote access trojan (RAT) on the computers ...

And it's especially dangerous because the code works A malicious npm package with more than 56,000 downloads masquerades as a ...

Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after attackers injected malware into 18 popular packages that together account for ...

Malicious npm package posing as a WhatsApp Web API library operated for months as a functional dependency while stealing ...

Attackers increasingly are using malicious JavaScript packages to steal data, engage in cryptojacking and unleash botnets, offering a wide supply-chain attack surface for threat actors. More than ...

The Node Package Manager, NPM, has become a powerful and important tool, supporting many different JavaScript frameworks — including JQuery, AngularJS, and React JS. If you’re building JavaScript ...

Researchers have identified yet another malicious use for JavaScript packages hosted on the npm registry: hosting files required by automated phishing kits or slipping phishing pages into applications ...

Three JavaScript packages have been removed from the npm portal on Thursday for containing malicious code. According to advisories from the npm security team, the three JavaScript libraries opened ...