Anthropic Claude Code Source Code Leaked via NPM Registry
Anthropic accidentally exposed proprietary source code for its Claude Code CLI tool on the public npm registry. Analyze the technical impact and risks.

Axios npm Package Hijacked: Cross-Platform Malware Distribution
Analysis of the Axios npm package hijack distributing remote access trojans to Linux, Windows, and macOS systems. Learn to protect your software supply chain.

npm Ghost Campaign: 7 Malicious Packages Steal Crypto Wallets
ReversingLabs uncovers the Ghost campaign targeting developers with 7 malicious npm packages designed to exfiltrate cryptocurrency wallets and credentials.

Trivy Supply Chain Attack Spreads CanisterWorm via 47 npm Packages
Attackers compromise 47 npm packages using CanisterWorm, a self-propagating threat leveraging ICP canisters following a major Trivy supply chain attack.

npm Malware @openclaw-ai/openclawai: macOS Credential Theft Alert
Security alert for @openclaw-ai/openclawai, a malicious npm package targeting macOS users to deploy remote access trojans and steal sensitive credentials.

North Korean Malicious npm Packages: Detecting Contagious Interview
North Korean actors published 26 malicious npm packages using Pastebin as a C2 dead drop resolver in a new Contagious Interview campaign iteration.

SANDWORM_MODE: Malicious npm Cluster Automates Secret Harvesting and Crypto Theft
Security researchers have identified a coordinated campaign involving 19 malicious npm packages designed to exfiltrate CI/CD secrets, API tokens, and private cryptocurrency keys.

Malicious npm Package Targets React Developers with Backdoored Polyfill
A typosquatted npm package mimicking a popular React utility has been downloaded over 47,000 times before removal. The package contained an obfuscated backdoor capable of exfiltrating environment variables and SSH keys.