While robust passwords help you secure your valuable online accounts, hardware-based two-factor authentication takes that security to the next level. Read now DevOps security firm JFrog discovered 17 ...

Security researchers from Reversing Labs find two malicious packages on npm These serve as downloaders and target software developers building on the Ethereum blockchain The malware opens a reverse ...

"People downloading open source packages should take extra care in making sure the item they’re downloading is legitimate and not malware masquerading as something legitimate." Click to expand ...

The CursedGrabber malware has infiltrated the open-source software code repository. Three malicious software packages have been published to npm, a code repository for JavaScript developers to share ...

An apparent "Dune" aficionado is responsible for perpetrating the first self-propagating attack on the npm JavaScript repository in what a security company has described as being one of the most ...

A novel timing attack has emerged for targeting private corporate software packages hosted in the npm code repository. The goal is to uncover the legitimate offerings and then create malicious public ...

In another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems via ChromePass. A credentials-stealing code bomb that uses legitimate password ...

A malicious package was removed today from the npm repository after it was discovered that it stole login information from the computers it was installed on. The npm repository is a popular online ...