Ethereum smart contracts used to hide URL to secondary malware payloads in an attack chain triggered by a malicious GitHub repo. Attackers behind a recent supply chain attack that involved rogue ...
Cryptopolitan on MSN
Cybersecurity researchers uncover GhostLoader malware hidden in fake OpenClaw npm package
A malicious npm package disguised as a legitimate AI tool to install the virally popular OpenClaw, but designed to steal system passwords and crypto wallets, has been identified by cybersecurity ...
UNC6426 used stolen GitHub tokens from the 2025 nx npm breach to gain AWS admin access in under 72 hours, enabling data theft and cloud destruction.
Multiple npm packages published by the crypto exchange, dYdX, and used by at least 44 cryptocurrency projects appear to have been compromised. Powered by the Ethereum blockchain, dydX is a ...
New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.
Four packages containing highly obfuscated malicious Python and JavaScript code were discovered this week in the Node Package Manager (npm) repository. According to a report from Kaspersky, the ...
The open-source project npmx is used for fast searching of npm packages. It focuses on UX, displays vulnerability warnings, and offers a dark mode.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results