Tag

Npm Packages

All articles tagged with #npm packages

cybersecurity16 days ago•4 min saved

Malicious npm Packages Exploit Phishing to Steal Login Credentials

Cybersecurity researchers uncovered a targeted spear-phishing campaign using 27 malicious npm packages to host browser-based phishing lures mimicking document-sharing portals and Microsoft sign-in pages, primarily targeting organizations in critical infrastructure sectors across multiple countries. The campaign leverages package CDNs for resilient hosting, employs anti-analysis techniques, and hard-codes specific email addresses, with the goal of stealing login credentials. The activity highlights ongoing threats in the software supply chain, emphasizing the need for stringent dependency verification and monitoring.

via The Hacker News|

#credential-theft #cyberattack #cybersecurity

cybersecurity2 months ago•3 min saved

Security Risks in VS Code Extensions: Ransomware, Cryptomining, and Supply Chain Threats

Cybersecurity researchers discovered a vibe-coded malicious VS Code extension with built-in ransomware capabilities, which exfiltrates and encrypts files, and uses GitHub as a command-and-control server. Additionally, 17 npm packages disguised as SDKs were found to stealthily deploy Vidar Stealer, highlighting ongoing supply chain threats in open-source ecosystems. Microsoft has removed the malicious extension from the marketplace, emphasizing the importance of vigilance in software development.

via The Hacker News|

#ai-generated-malware #cybersecurity #malicious-vs-code-extension