Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials
Cybersecurity researchers have uncovered a new set of malicious npm packages that…
North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware
The North Korean threat actors behind the Contagious Interview campaign, also tracked…
npm’s Update to Harden Their Supply Chain, and Points to Consider
The Hacker NewsFeb 13, 2026Supply Chain Security / DevSecOps In December 2025,…
Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow
Jan 14, 2026Ravie LakshmananApplication Security / Vulnerability Node.js has released updates to…
Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers
Oct 10, 2025Ravie LakshmananRansomware / Data Theft Cybersecurity researchers have disclosed details…
Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps
Jul 30, 2025Ravie LakshmananCryptocurrency / Browser Security Cybersecurity researchers are calling attention…
New PHP-Based Interlock RAT Variant Uses FileFix Delivery Mechanism to Target Multiple Industries
Jul 14, 2025Ravie LakshmananMalware / Web Security Threat actors behind the Interlock…
Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers
May 01, 2025Ravie LakshmananMalware / Web Skimming Cybersecurity researchers have shed light…
Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems
Apr 19, 2025Ravie LakshmananLinux / Malware Cybersecurity researchers have uncovered three malicious…