npm Archives • Penetration Testing Tools

Supply Chain Attack WhatsApp Ban WhatsApp Russia

August 9, 2025

Your Code Is Not Safe: Malicious NPM Packages Are Deleting Files

Two malicious packages have been discovered in the NPM ecosystem, disguised as libraries for building bots and automated services using the WhatsApp Business API. Identified by researchers at Socket, these modules mimicked popular WhatsApp...

Lazarus Group Moobot botnet Ransomware War

Cybercriminals

August 5, 2025

Lazarus Group’s Covert Supply Chain Attack: North Korean APT Poisons Open Source to Steal Developer Secrets

In the first half of 2025, Sonatype uncovered a large-scale, ongoing assault on the open-source software ecosystem, orchestrated by the North Korean threat actor known as Lazarus. Sonatype’s automated malware detection systems were the...

Malware

August 5, 2025

AI is the New Malware: AI-Generated Python Package Infects 1,500+ with Stealthy Crypto-Stealer

A malicious package discovered in the NPM ecosystem by researchers at Safety turned out to be far more than a simple trojan for cryptocurrency theft—it stood as a striking example of an attack orchestrated...

Cybercriminals

July 25, 2025

npm Supply Chain Attack Exposes Devs to “Scavenger” Malware Via Phished Accounts

A major incident has rocked the npm ecosystem: the widely-used package eslint-config-prettier suddenly received an update devoid of any corresponding changes on GitHub. Developers quickly grew suspicious—and with good reason. The package’s maintainer later...

Cybercriminals

July 22, 2025

npm Supply Chain Attack Exploited in the Wild – Phishing Steals Maintainer Tokens, Injects Malware into Popular Packages

Hackers have successfully injected malicious code into popular npm packages by leveraging a phishing campaign against project maintainers. The attackers orchestrated a targeted campaign aimed at developers stewarding key projects and managed to steal...

Vulnerability

July 9, 2025

AI Coding Assistants Under Attack: “Slopsquatting” Malware Exploits AI Hallucinations for Supply Chain Compromise

A new threat has emerged in the realm of AI-assisted programming, known as “slopsquatting.” This attack has become particularly dangerous amid the surging popularity of AI coding assistants like Claude Code CLI, OpenAI Codex...

Malware

June 27, 2025

North Korean APT Launches Massive npm Supply Chain Attack: Typosquatting & Fake Jobs Steal Crypto from Devs

A new wave of malicious npm packages has been uncovered, linked to the ongoing Contagious Interview operation, which has been attributed to North Korean threat actors. The discovery was made by the cybersecurity firm...

Technology

April 17, 2020

GitHub has completed its acquisition of npm

GitHub issued an announcement that GitHub has completed the acquisition of npm. From the announcement of the acquisition to the completion of the acquisition, exactly one month has passed. On March 17, GitHub CEO...

Technology

March 17, 2020

GitHub announces the formal acquisition of JavaScript package manager, npm

Today, Microsoft bought npm for GitHub. Information about the acquisition was published by GitHub CEO Nat Friedman. npm is a package manager for the JavaScript programming language. It is the default package manager for...

Tagged: npm

Your Code Is Not Safe: Malicious NPM Packages Are Deleting Files

Lazarus Group’s Covert Supply Chain Attack: North Korean APT Poisons Open Source to Steal Developer Secrets

AI is the New Malware: AI-Generated Python Package Infects 1,500+ with Stealthy Crypto-Stealer

npm Supply Chain Attack Exposes Devs to “Scavenger” Malware Via Phished Accounts

npm Supply Chain Attack Exploited in the Wild – Phishing Steals Maintainer Tokens, Injects Malware into Popular Packages

AI Coding Assistants Under Attack: “Slopsquatting” Malware Exploits AI Hallucinations for Supply Chain Compromise

GitHub has completed its acquisition of npm

GitHub announces the formal acquisition of JavaScript package manager, npm

Search

Brilliantly

Content & Links