九个存在九年的 npm 软件包遭劫持 通过混淆脚本窃取 API 密钥
这些JavaScript代码会在软件包安装后立即执行,专门窃取API密钥、访问令牌、SSH密钥等敏感数据,并将其外泄至远程服务器 ("eoi2ectd5a5tn1h.m.pipedream [.]net")。
Security Boulevard9 天
Malware found on npm infecting local package with reverse shell
Unlike some other public repositories, the npm package repository is never really quiet. And, while there has been some ...
CSO Online7 天
Malicious npm packages found to create a backdoor in legitimate code
Researchers found malicious packages on the npm registry that, when installed, inject malicious code into legitimate npm ...
New npm attack poisons local packages with backdoors
Two malicious packages were discovered on npm (Node package manager) that covertly patch legitimate, locally installed ...
Malicious npm packages use devious backdoors to target users
Security researchers from Reversing Labs find two malicious packages on npm These serve as downloaders and target software ...
The Nation Online2 天
NPM mid-year awards 2025 voting begins
The country’s leading business and entrepreneurship Magazine, National Product Magazine (NPM), has announced the commencement ...
The Hacker News7 天
Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts
Twelve npm packages hijacked via compromised maintainer accounts to exfiltrate secrets using obfuscated scripts.
Infostealer campaign compromises 10 npm packages, targets devs
Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data ...
Vivani Medical to focus on developing NPM-115, NPM-139, emerging pipeline
NPM-139 and its emerging pipeline of innovative miniature, ultra long-acting drug implants to treat patients with chronic diseases and high unmet medical need. The recent preclinical demonstration of ...
Vivani Medical Announces Positive Preclinical Weight Loss Data for NPM-139 Semaglutide ...
NanoPortal™ technology successfully delivers semaglutide, the active ingredient in Ozempic®/Wegovy®, in a preclinical study ...