101010.pl

Chris WysopalAre you reviewing your NPM dependancies for malicious code? <a href="https://infosec.exchange/tags/devsecops" class="mention hashtag" rel="nofollow noopener" target="_blank">#devsecops</a> <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#appsec</a> <a href="https://infosec.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> <a href="https://www.scworld.com/news/complex-npm-attack-uses-7-plus-layers-of-obfuscation-to-spread-pulsar-rat" rel="nofollow noopener" translate="no" target="_blank">https://www.scworld.com/news/complex-npm-attack-uses-7-plus-layers-of-obfuscation-to-spread-pulsar-rat</a>

The New Oil<a href="https://mastodon.thenewoil.org/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> found in <a href="https://mastodon.thenewoil.org/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#NPM</a> packages with 1 million weekly downloads<a href="https://www.bleepingcomputer.com/news/security/supply-chain-attack-hits-gluestack-npm-packages-with-960k-weekly-downloads/" rel="nofollow noopener" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/supply-chain-attack-hits-gluestack-npm-packages-with-960k-weekly-downloads/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a>

The New OilMalicious <a href="https://mastodon.thenewoil.org/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> packages posing as utilities delete project directories<a href="https://www.bleepingcomputer.com/news/security/malicious-npm-packages-posing-as-utilities-delete-project-directories/" rel="nofollow noopener" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/malicious-npm-packages-posing-as-utilities-delete-project-directories/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a>

Hackread.com🚨 Hidden backdoors found in npm packages allow attackers to remotely wipe entire systems, raising serious supply chain security concerns. Read: <a href="https://hackread.com/backdoors-npm-packages-attackers-wipe-systems/" rel="nofollow noopener" translate="no" target="_blank">https://hackread.com/backdoors-npm-packages-attackers-wipe-systems/</a><a href="https://mstdn.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://mstdn.social/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#NPM</a> <a href="https://mstdn.social/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://mstdn.social/tags/Backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#Backdoor</a> <a href="https://mstdn.social/tags/DevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevOps</a>

Hackread.com🚨 New: Backdoors found in Python & NPM packages targeting Windows & Linux! Attackers use fake ‘colorama’ & ‘colorizr’ to steal data + gain remote access.🔗 Read more: <a href="https://hackread.com/backdoors-python-npm-packages-windows-linux/" rel="nofollow noopener" translate="no" target="_blank">https://hackread.com/backdoors-python-npm-packages-windows-linux/</a><a href="https://mstdn.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://mstdn.social/tags/Backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#Backdoor</a> <a href="https://mstdn.social/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#Python</a> <a href="https://mstdn.social/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#NPM</a> <a href="https://mstdn.social/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a>

The New OilDozens of malicious packages on <a href="https://mastodon.thenewoil.org/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#NPM</a> collect host and network data<a href="https://www.bleepingcomputer.com/news/security/dozens-of-malicious-packages-on-npm-collect-host-and-network-data/" rel="nofollow noopener" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/dozens-of-malicious-packages-on-npm-collect-host-and-network-data/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a>

The New OilDestructive <a href="https://mastodon.thenewoil.org/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> available in <a href="https://mastodon.thenewoil.org/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#NPM</a> repo went unnoticed for 2 years<a href="https://arstechnica.com/information-technology/2025/05/destructive-malware-available-in-npm-repo-went-unnoticed-for-2-years/" rel="nofollow noopener" translate="no" target="_blank">https://arstechnica.com/information-technology/2025/05/destructive-malware-available-in-npm-repo-went-unnoticed-for-2-years/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a>

IT NewsDestructive malware available in NPM repo went unnoticed for 2 years - Researchers have found malicious software that received more... - <a href="https://arstechnica.com/information-technology/2025/05/destructive-malware-available-in-npm-repo-went-unnoticed-for-2-years/" rel="nofollow noopener" translate="no" target="_blank">https://arstechnica.com/information-technology/2025/05/destructive-malware-available-in-npm-repo-went-unnoticed-for-2-years/</a> <a href="https://schleuss.online/tags/coderepositories" class="mention hashtag" rel="nofollow noopener" target="_blank">#coderepositories</a> <a href="https://schleuss.online/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://schleuss.online/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> <a href="https://schleuss.online/tags/biz" class="mention hashtag" rel="nofollow noopener" target="_blank">#biz</a>⁢ <a href="https://schleuss.online/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a>

The New OilMalicious <a href="https://mastodon.thenewoil.org/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#NPM</a> package uses Unicode <a href="https://mastodon.thenewoil.org/tags/steganography" class="mention hashtag" rel="nofollow noopener" target="_blank">#steganography</a> to evade detection<a href="https://www.bleepingcomputer.com/news/security/malicious-npm-package-uses-unicode-steganography-to-evade-detection/" rel="nofollow noopener" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/malicious-npm-package-uses-unicode-steganography-to-evade-detection/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a>

The New OilMalicious <a href="https://mastodon.thenewoil.org/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> Packages Infect 3,200+ <a href="https://mastodon.thenewoil.org/tags/Cursor" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cursor</a> Users With Backdoor, Steal Credentials<a href="https://thehackernews.com/2025/05/malicious-npm-packages-infect-3200.html" rel="nofollow noopener" translate="no" target="_blank">https://thehackernews.com/2025/05/malicious-npm-packages-infect-3200.html</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://mastodon.thenewoil.org/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> <a href="https://mastodon.thenewoil.org/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AI</a> <a href="https://mastodon.thenewoil.org/tags/Apple" class="mention hashtag" rel="nofollow noopener" target="_blank">#Apple</a> <a href="https://mastodon.thenewoil.org/tags/Mac" class="mention hashtag" rel="nofollow noopener" target="_blank">#Mac</a> <a href="https://mastodon.thenewoil.org/tags/macOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#macOS</a>

Frontend Dogmanpm Targeted by Malware Campaign Mimicking Familiar Library Names, by <a href="https://fosstodon.org/@SocketSecurity" class="u-url mention" rel="nofollow noopener" target="_blank">@SocketSecurity</a>:<a href="https://socket.dev/blog/npm-targeted-by-malware-campaign-mimicking-familiar-library-names" rel="nofollow noopener" translate="no" target="_blank">https://socket.dev/blog/npm-targeted-by-malware-campaign-mimicking-familiar-library-names</a><a href="https://mas.to/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> <a href="https://mas.to/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> <a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://mas.to/tags/dependencies" class="mention hashtag" rel="nofollow noopener" target="_blank">#dependencies</a> <a href="https://mas.to/tags/linklists" class="mention hashtag" rel="nofollow noopener" target="_blank">#linklists</a>

The New OilSupply chain attack hits <a href="https://mastodon.thenewoil.org/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> package with 45,000 weekly downloads<a href="https://www.bleepingcomputer.com/news/security/supply-chain-attack-hits-npm-package-with-45-000-weekly-downloads/" rel="nofollow noopener" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/supply-chain-attack-hits-npm-package-with-45-000-weekly-downloads/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://mastodon.thenewoil.org/tags/RandUserAgent" class="mention hashtag" rel="nofollow noopener" target="_blank">#RandUserAgent</a>

Frontend Dogmanpm Should Remove the Default License From New Packages (ISC), by @extremq.com:<a href="https://extremq.com/npm-should-remove-the-default-license-from-new-packages-isc/" rel="nofollow noopener" translate="no" target="_blank">https://extremq.com/npm-should-remove-the-default-license-from-new-packages-isc/</a><a href="https://mas.to/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> <a href="https://mas.to/tags/dependencies" class="mention hashtag" rel="nofollow noopener" target="_blank">#dependencies</a> <a href="https://mas.to/tags/licensing" class="mention hashtag" rel="nofollow noopener" target="_blank">#licensing</a> <a href="https://mas.to/tags/foss" class="mention hashtag" rel="nofollow noopener" target="_blank">#foss</a>

Hackread.com🚨 A malicious npm package, crypto-encrypt-ts, impersonating <a href="https://mstdn.social/tags/CryptoJS" class="mention hashtag" rel="nofollow noopener" target="_blank">#CryptoJS</a> was downloaded 1,900+ times before being caught. It targets crypto wallets and <a href="https://mstdn.social/tags/MongoDB" class="mention hashtag" rel="nofollow noopener" target="_blank">#MongoDB</a> data, with code suggesting Turkish origins.Read more: <a href="https://hackread.com/npm-malware-crypto-wallets-mongodb-turkey-code/" rel="nofollow noopener" translate="no" target="_blank">https://hackread.com/npm-malware-crypto-wallets-mongodb-turkey-code/</a><a href="https://mstdn.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://mstdn.social/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberAttack</a> <a href="https://mstdn.social/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#NPM</a> <a href="https://mstdn.social/tags/Crypto" class="mention hashtag" rel="nofollow noopener" target="_blank">#Crypto</a> <a href="https://mstdn.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a>

lil5 :rustcrab: 🚲 🇳🇱<a href="https://social.linux.pizza/tags/nodejs" class="mention hashtag" rel="nofollow noopener" target="_blank">#nodejs</a> <a href="https://social.linux.pizza/tags/denojs" class="mention hashtag" rel="nofollow noopener" target="_blank">#denojs</a> <a href="https://social.linux.pizza/tags/jsr" class="mention hashtag" rel="nofollow noopener" target="_blank">#jsr</a> <a href="https://social.linux.pizza/tags/bunjs" class="mention hashtag" rel="nofollow noopener" target="_blank">#bunjs</a> <a href="https://social.linux.pizza/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> <a href="https://social.linux.pizza/tags/webdev" class="mention hashtag" rel="nofollow noopener" target="_blank">#webdev</a> <a href="https://social.linux.pizza/tags/javascript" class="mention hashtag" rel="nofollow noopener" target="_blank">#javascript</a>

Ryan Daws 🤓Masquerading payment npm package installs backdoor <a href="https://www.developer-tech.com/news/masquerading-payment-npm-package-installs-backdoor/" rel="nofollow noopener" translate="no" target="_blank">https://www.developer-tech.com/news/masquerading-payment-npm-package-installs-backdoor/</a> <a href="https://techhub.social/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> <a href="https://techhub.social/tags/javascript" class="mention hashtag" rel="nofollow noopener" target="_blank">#javascript</a> <a href="https://techhub.social/tags/developers" class="mention hashtag" rel="nofollow noopener" target="_blank">#developers</a> <a href="https://techhub.social/tags/coding" class="mention hashtag" rel="nofollow noopener" target="_blank">#coding</a> <a href="https://techhub.social/tags/programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#programming</a> <a href="https://techhub.social/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacking</a> <a href="https://techhub.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://techhub.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://techhub.social/tags/tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#tech</a> <a href="https://techhub.social/tags/news" class="mention hashtag" rel="nofollow noopener" target="_blank">#news</a> <a href="https://techhub.social/tags/technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#technology</a>

skry“slopsquatting, a new term for a surprisingly effective type of software supply chain attack that emerges when LLMs “hallucinate” package names that don’t actually exist. If you’ve ever seen an AI recommend a package and thought, “Wait, is that real?”—you’ve already encountered the foundation of the problem.And now attackers are catching on.”The Rise of Slopsquatting: How <a href="https://mastodon.social/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AI</a> Hallucinations Are Fueling... <a href="https://socket.dev/blog/slopsquatting-how-ai-hallucinations-are-fueling-a-new-class-of-supply-chain-attacks" rel="nofollow noopener" translate="no" target="_blank">https://socket.dev/blog/slopsquatting-how-ai-hallucinations-are-fueling-a-new-class-of-supply-chain-attacks</a> <a href="https://mastodon.social/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> <a href="https://mastodon.social/tags/dev" class="mention hashtag" rel="nofollow noopener" target="_blank">#dev</a> <a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>Edit: more info: <a href="https://www.bleepingcomputer.com/news/security/ai-hallucinated-code-dependencies-become-new-supply-chain-risk/" rel="nofollow noopener" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/ai-hallucinated-code-dependencies-become-new-supply-chain-risk/</a>

Hackread.com🚨 Watch out as new npm malware targets Atomic and Exodus wallets to alter their addresses and hijack crypto transfer.Read: <a href="https://hackread.com/npm-malware-atomic-exodus-wallets-hijack-crypto/" rel="nofollow noopener" translate="no" target="_blank">https://hackread.com/npm-malware-atomic-exodus-wallets-hijack-crypto/</a><a href="https://mstdn.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://mstdn.social/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> <a href="https://mstdn.social/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://mstdn.social/tags/Crypto" class="mention hashtag" rel="nofollow noopener" target="_blank">#Crypto</a> <a href="https://mstdn.social/tags/Scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#Scam</a>

Mike Taylor 🦕Hoo boy am I tired of seeing messages in my browser's JavaScript from some deep transitive dependency of the app I work on, saying "We're about to remove support for <feature that a slightly less nested transitive dependency uses>, sucks to be you."This whole developer ecosystem is a nightmare of endless compatibility problems, 90% of them trivially avoidable with a moment's thought.<a href="https://sauropods.win/tags/Node" class="mention hashtag" rel="nofollow noopener" target="_blank">#Node</a> <a href="https://sauropods.win/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#NPM</a> <a href="https://sauropods.win/tags/React" class="mention hashtag" rel="nofollow noopener" target="_blank">#React</a> <a href="https://sauropods.win/tags/DependencyHell" class="mention hashtag" rel="nofollow noopener" target="_blank">#DependencyHell</a>

Frontend DogmaMalware Found on npm Infecting Local Package With Reverse Shell, by @reversinglabs.com:<a href="https://www.reversinglabs.com/blog/malicious-npm-patch-delivers-reverse-shell" rel="nofollow noopener" translate="no" target="_blank">https://www.reversinglabs.com/blog/malicious-npm-patch-delivers-reverse-shell</a><a href="https://mas.to/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> <a href="https://mas.to/tags/dependencies" class="mention hashtag" rel="nofollow noopener" target="_blank">#dependencies</a> <a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a>

Recent searches

Search options

Administered by:

Server stats:

#npm