npm
Hackers Exploit npm Supply Chain to Gain AWS Admin Access
A Google report reveals how a stolen developer token from last year’s nx package attack was used to breach a victim’s cloud environment, create an…
Open Source Malware Surges Nearly 73% in 2025, Cybersecurity Report Shows
The number of malicious open source software packages discovered in 2025 jumped dramatically, with detections rising by about 73% compared with 2024, cybersecurity analysts say,…
Developers Hit as Fake WhatsApp API Package Emerges on npm
Security researchers discovered a fake WhatsApp API package on npm that steals developer credentials, raising fresh alarms about the growing risks facing the open source…
Massive npm Supply-Chain Attack: Shai-Hulud Worm Infects Over 180 Packages
A new, alarming software supply-chain attack dubbed ‘Shai-Hulud’ has been uncovered targeting the JavaScript npm ecosystem. Researchers from several security firms, including Palo Alto Networks…
Critical npm Supply Chain Attack Exposes Global Firms
A critical supply chain compromise has been disclosed in the npm JavaScript ecosystem, exposing enterprises worldwide to risks of cryptocurrency theft, credential leakage, and unauthorized…
