npm

Warning: Malicious npm Packages Targeting React, Vue, Vite with Destructive Payloads

2 min read

• Security

Warning: Malicious npm Packages Targeting React, Vue, Vite with Destructive Payloads

Do Son May 29, 2025

Researchers at Socket have uncovered over 60 malicious packages in the npm registry that covertly harvest data...

Read More Read more about Warning: Malicious npm Packages Targeting React, Vue, Vite with Destructive Payloads

Malicious npm Package Uses Steganography and Google Calendar for Covert Attack

2 min read

• Security

Malicious npm Package Uses Steganography and Google Calendar for Covert Attack

Do Son May 17, 2025

Malicious actors have once again targeted the npm ecosystem, this time through a package named “os-info-checker-es6”, which...

Read More Read more about Malicious npm Package Uses Steganography and Google Calendar for Covert Attack

“Cheapest Cursor API” Hides Backdoor: macOS Developers Targeted in Supply Chain Attack

2 min read

• Security

“Cheapest Cursor API” Hides Backdoor: macOS Developers Targeted in Supply Chain Attack

Do Son May 13, 2025

Researchers at Socket have uncovered a new attack targeting the macOS version of the popular source code...

Read More Read more about “Cheapest Cursor API” Hides Backdoor: macOS Developers Targeted in Supply Chain Attack

Malicious ‘discordpydebug’ Package on PyPI Steals Data with RAT

2 min read

• Security

Malicious ‘discordpydebug’ Package on PyPI Steals Data with RAT

Do Son May 9, 2025

Researchers have uncovered a malicious package in the PyPI repository, masquerading as a utility for working with...

Read More Read more about Malicious ‘discordpydebug’ Package on PyPI Steals Data with RAT

Malicious Packages Found Destroying Data and Stealing Crypto Keys

2 min read

• Security

Malicious Packages Found Destroying Data and Stealing Crypto Keys

Do Son May 6, 2025

Three malicious components have been discovered within the Go programming module ecosystem, capable of triggering complete data...

Read More Read more about Malicious Packages Found Destroying Data and Stealing Crypto Keys

Malicious Code Injected into XRP Library, Wallets at Risk

2 min read

• Security

Malicious Code Injected into XRP Library, Wallets at Risk

Do Son April 23, 2025

The threat of software supply chain compromise has once again resurfaced: the Ripple-recommended library “xrpl.js”, used for...

Read More Read more about Malicious Code Injected into XRP Library, Wallets at Risk

Counterfeit npm Libraries Used in Sophisticated Supply Chain Attack

2 min read

• Security

Counterfeit npm Libraries Used in Sophisticated Supply Chain Attack

Do Son April 22, 2025

Experts at Socket have uncovered a new software supply chain attack involving counterfeit npm libraries masquerading as...

Read More Read more about Counterfeit npm Libraries Used in Sophisticated Supply Chain Attack

Malicious npm Package Hijacks Cryptocurrency Wallets in Supply Chain Attack

2 min read

• Security

Malicious npm Package Hijacks Cryptocurrency Wallets in Supply Chain Attack

Do Son April 12, 2025

Software supply chain attacks are becoming increasingly sophisticated, with malicious actors disguising harmful code as legitimate libraries...

Read More Read more about Malicious npm Package Hijacks Cryptocurrency Wallets in Supply Chain Attack