#npmsecurity — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #npmsecurity, aggregated by home.social.
-
Mini Shai-Hulud Strikes Again: 314 npm Packages Compromised
https://safedep.io/mini-shai-hulud-strikes-again-314-npm-packages-compromised/
#HackerNews #MiniShaiHulud #npmSecurity #CyberThreats #PackageCompromise #SoftwareVulnerability
-
🔥🚀 Oh, rejoice! Another day, another hack—this time, Bitwarden's CLI couldn't dodge a bullet in the #Checkmarx supply chain campaign. Thank goodness for Socket Research Team, because without them, we'd never know which npm package will ruin our day next! 🙄🔒💥
https://socket.dev/blog/bitwarden-cli-compromised #Bitwarden #SupplyChain #SocketResearch #npmSecurity #HackNews #HackerNews #ngated -
Axios npm Account Hijacked, Malware Injected
Axios npm account hijacked, malware injected into popular JavaScript library. Developers using versions 1.14.1 or 0.30.4 are at risk. Learn how to protect your code.
#AxiosAttack, #npmSecurity, #JavaScriptMalware, #CyberSecurity, #SoftwareSupplyChain
https://newsletter.tf/axios-npm-malware-attack-developers-risk/
-
Malicious code was put into the popular Axios JavaScript library for 3 hours. This is a new risk for developers using npm.
#AxiosAttack, #npmSecurity, #JavaScriptMalware, #CyberSecurity, #SoftwareSupplyChain
https://newsletter.tf/axios-npm-malware-attack-developers-risk/ -
Wow, who knew that downloading a seemingly innocent NPM package could lead to your WhatsApp messages being harvested like crops in FarmVille? 🌾📱 Clearly, 56,000 people learned the hard way that trusting random code on the internet is like expecting your cat to respect your personal space. 🐱💻
https://www.koi.ai/blog/npm-package-with-56k-downloads-malware-stealing-whatsapp-messages #NPMsecurity #WhatsAppprivacy #codingrisks #trustissues #cybersecurity #HackerNews #ngated -
A simple typo could be the door hackers use to break in. Malicious npm packages with nearly identical names are now tricking developers to steal credentials and data. Curious how a spelling error can lead to major breaches?
#npmsecurity
#typosquatting
#supplychainattack
#malware
#infostealer -
Could a simple QR code hide a hidden threat? The fezbox npm incident revealed malware camouflaged inside a QR code, challenging everything we thought we knew about cybersecurity. Read on to see how attackers are outsmarting traditional defenses.
#qrsecurity
#steganography
#npmsecurity
#malwaredetection
#cyberattacktrends -
A QR code turned Trojan horse? A crafty npm package used hidden QR codes to smuggle cookie-stealing malware, evading detection in plain sight. How safe is our open-source world?
#qrsecurity
#steganography
#npmsecurity
#malwaredetection
#cyberattacktrends -
Npm packages are under siege. How did attackers use trusted developer tools to weave a self-spreading threat across the open-source community? Find out how the Shai-Hulud attack could change software security forever.
#shaihuludattack
#softwaresupplychain
#npmsecurity
#cyberthreats
#opensourcevulnerabilities -
Although npm has been compromised, your site is probably not affected. Read this article to help you keep calm and avoid panicking, while still keeping an eye on web security:
https://metadrop.net/en/articles/npm-compromised-you-are-probably-not-risk
-
Great analysis of the malware distributed with the eslint-config-prettier NPM package compromise on Friday: https://c-b.io/2025-07-20+-+Install+Linters%2C+Get+Malware+-+DevSecOps+Speedrun+Edition
By c-b.io on Bluesky / cyb3rjerry on Twitter :D
#malwareanalysis #reverseengineering #infosec #npm #npmsecurity #malware #reversing
-
A breach in 16 popular NPM packages rocked the JavaScript world—malicious code gave attackers a backdoor right into trusted projects. How secure are your dependencies?
#supplychainattack
#npmsecurity
#javascript
#cybersecurity
#malware -
The rise of malicious npm packages—like `xlsx-to-json-lh` mimicking `xlsx-to-json-lc`—raises urgent questions. Should npm enforce name uniqueness and vetting to stop supply chain attacks, or risk stifling its open ecosystem? #NpmSecurity #OpenSourceRisks #Cybersecurity
-
WhatsApp devs, beware: rogue npm packages disguised as legit libraries can unleash a data wipe (rm -rf *) and hide a secret exfiltration function. How safe is your code when even kill switches are in play? Dive deeper.
https://thedefendopsdiaries.com/unmasking-malicious-npm-packages-targeting-whatsapp-developers/
#npmsecurity
#whatsappdevelopers
#supplychainattack
#cybersecurity
#maliciouspackages -
Some npm packages disguised as helpful utilities have been found wiping entire directories. How are these digital saboteurs sneaking into projects, and what can you do to stop them? Find out more.
#npmsecurity
#maliciouspackages
#softwaredevelopment
#cybersecurity
#supplychainsecurity -
Ever downloaded a package that turned out to be a Trojan? Malicious NPM packages are using typosquatting and stealth tactics to sneak into development environments. How secure is your code?
#npmsecurity
#maliciouspackages
#softwaredevelopment
#cybersecurity
#dataprotection -