items/1213063/related \ stacker news

pull down to refresh

We Just Found Malicious Code in the Popular NPM Package jdstaerk.substack.com/p/we-just-found-malicious-code-in-the

1497 sats \ 18 comments \ @kristapsk 8 Sep 2025 security

related

Compromised npm package silently installs OpenClaw on developer machines www.csoonline.com/article/4135449/compromised-npm-package-silently-installs-openclaw-on-developer-machines.html

422 sats \ 4 comments \ @winteryeti 24 Feb AI

Malicious NPM Package Posing as OpenClaw Installer Deploys RAT, Steals OS Data thehackernews.com/2026/03/malicious-npm-package-posing-as.html

144 sats \ 0 comments \ @ch0k1 8h news

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens thehackernews.com/2026/02/malicious-npm-packages-harvest-crypto.html

30 sats \ 0 comments \ @winteryeti 25 Feb tech

'Sha1-Hulud' npm malware is back

377 sats \ 0 comments \ @anon 28 Nov 2025 lightning

Tinycolor npm Package Compromised in (another) Supply Chain Attack socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages

1053 sats \ 3 comments \ @aljaz 16 Sep 2025 security

PhantomRaven: NPM Malware Hidden in Invisible Dependencies www.koi.ai/blog/phantomraven-npm-malware-hidden-in-invisible-dependencies

389 sats \ 2 comments \ @kepford 30 Oct 2025 security

NPM debug and chalk packages compromised www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised

263 sats \ 0 comments \ @hn 8 Sep 2025 tech

NPM security: preventing supply chain attacks | Snyk (2022)snyk.io/blog/npm-security-preventing-supply-chain-attacks/

517 sats \ 20 comments \ @ek 9 Sep 2025 security

Bogus npm Packages Used to Trick Software Developers into Installing Malware thehackernews.com/2024/04/bogus-npm-packages-used-to-trick.html?m=1

52 sats \ 1 comment \ @ch0k1 28 Apr 2024 security

Self Propagating NPM Malware Compromises over 40 Packages www.stepsecurity.io/blog/ctrl-tinycolor-and-40-npm-packages-compromised

130 sats \ 0 comments \ @hn 16 Sep 2025 tech

Over 100,000 Infected Repos Found on GitHub

1697 sats \ 6 comments \ @0xbitcoiner 29 Feb 2024 security

Experts found 3 malicious packages hiding crypto miners in PyPi repository securityaffairs.com/156897/malware/malicious-packages-pypi-repository.html

813 sats \ 2 comments \ @Gian 5 Jan 2024 security

How we rebuilt Next.js with AI in one week blog.cloudflare.com/vinext/

1683 sats \ 4 comments \ @winteryeti 26 Feb tech

Self-Replicating Worm Hits 180+ Software Packages krebsonsecurity.com/2025/09/self-replicating-worm-hits-180-software-packages/

75 sats \ 0 comments \ @ch0k1 16 Sep 2025 news

Snyk security researcher deploys malicious NPM packages targeting Cursor.com sourcecodered.com/snyk-malicious-npm-package/

134 sats \ 0 comments \ @hn 14 Jan 2025 tech

NPM hack was mentioned multiple times on SN before yesterday

145 sats \ 4 comments \ @h6j5dhc567g 9 Sep 2025 bitdevs

I built an npm library for L402 Lightning payments

1312 sats \ 1 comment \ @satpath 25 Feb lightning devs

We have identified and removed a malicious version of the Ledger Connect Kit twitter.com/Ledger/status/1735291427100455293

1916 sats \ 16 comments \ @0xbitcoiner 14 Dec 2023 bitcoin

Malicious Python Packages Replace Crypto Addresses in Developer Clipboards blog.phylum.io/pypi-malware-replaces-crypto-addresses-in-developers-clipboard

334 sats \ 3 comments \ @rijndael 7 Nov 2022 bitcoin

NPM Supply-Chain Attack - check your code for vulnerabilities jdstaerk.substack.com/p/we-just-found-malicious-code-in-the

150 sats \ 0 comments \ @nkmg1c_ventures 8 Sep 2025 devs

Chrome Extension Turns Malicious After Ownership Transfer thehackernews.com/2026/03/chrome-extension-turns-malicious-after.html

68 sats \ 1 comment \ @ch0k1 9 Mar news