Hulud-like Sandworm_Mode supply chain attack targets NPM developers to steal secrets and poison AI assistants.

In short, npm has taken an important step forward by eliminating permanent tokens and improving defaults. Until short-lived, ...

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...

A self-replicating npm worm dubbed SANDWORM_MODE hits 19+ packages, harvesting private keys, BIP39 mnemonics, wallet files and LLM API keys from dev environments.

Security experts have warned that a newly discovered supply chain attack targeting npm packages is still active and may already have impacted 10% of cloud environments. On Monday, a threat actor ...

An npm package named 'rand-user-agent' has been compromised in a supply chain attack to inject obfuscated code that activates a remote access trojan (RAT) on the user's system. The 'rand-user-agent' ...

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on ...

Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers.

A newly identified North Korean threat actor has widened its distribution of malicious node package manager (npm) code to public registries. And it's differentiating itself from other state-sponsored ...

That it's an abbreviation is not really relevant here. It sort of stands for "node package manager" but that really doesn't tell you anything. It consists of a command line client, also called npm, ...