Bleeping Computer

Malicious Rspack, Vant packages published using stolen NPM tokens

Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers.
The Hacker News

Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages

Security researchers found 3 npm packages that installed NodeCordRAT malware, stealing browser data, crypto wallet secrets & ...
CSOonline

Malicious npm packages use Ethereum blockchain for malware delivery

Ethereum smart contracts used to hide URL to secondary malware payloads in an attack chain triggered by a malicious GitHub repo. Attackers behind a recent supply chain attack that involved rogue ...
Bleeping Computer

Blockchain dev's wallet emptied in "job interview" using npm package

A blockchain developer shares his ordeal over the holidays when he was approached on LinkedIn by a "recruiter" for a web development job. The recruiter in question asked the developer to download npm ...
Ars Technica

NPM flooded with malicious packages downloaded more than 86,000 times

Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection. The finding, ...
Forbes

New Security Breach Threatens Crypto And Everyday Apps

Forbes contributors publish independent expert analyses and insights. A serious security breach has sent shockwaves through both everyday online services and the cryptocurrency world. At the center is ...