tldrdailynews.com logo
Tag

Npm

All articles tagged with #npm

TrapDoor Strikes npm, PyPI, and Crates.io with Cross-Ecosystem Credential-Stealing Malware
security1 day ago

TrapDoor Strikes npm, PyPI, and Crates.io with Cross-Ecosystem Credential-Stealing Malware

A coordinated TrapDoor campaign targets npm, PyPI, and Crates.io, distributing 34 malicious packages across hundreds of versions to steal developer secrets, crypto wallets, SSH keys, cloud credentials, and environment data. npm payloads run trap-core.js to harvest credentials and establish persistence via cron, systemd, Git hooks, and SSH lateral movement; Rust crates search keystores and exfiltrate data to GitHub Gists; Python packages auto-execute on import and fetch a remote JavaScript payload executed via node -e. The attack also hides instructions in .cursorrules and CLAUDE.md to trick AI tools through PRs, signaling an evolution of developer-workflow attacks across multiple ecosystems.

via The Hacker News|
#cratesio#credential-theft#npm
Week in Security: Exchange Zero-Day Exploited, NPM Worm Surges, and AI Supply-Chain Risks
cybersecurity8 days ago

Week in Security: Exchange Zero-Day Exploited, NPM Worm Surges, and AI Supply-Chain Risks

This weekly security roundup highlights rapid, multi-vector threats: on-prem Microsoft Exchange is being exploited via CVE-2026-42897 (spoofing/XSS), Cisco’s SD-WAN Controller faces active exploitation from CVE-2026-20182, and a TeamPCP‑driven wave poisons TanStack npm packages as part of a larger supply-chain campaign. The era of fake AI repos delivering stealer malware continues (Open-OSS/privacy-filter on Hugging Face). AI-assisted vulnerability discovery is accelerating with OpenAI’s Daybreak and Microsoft MDASH, alongside other notable findings (ransomware deals, new CVEs, and cross‑platform E2EE deployments). The takeaway: patch early, rotate keys, and assume software supply chains are compromised.

via The Hacker News|
#cve-2026-42897#cybersecurity#exchange
Bitwarden CLI Breach Ties to Checkmarx Supply Chain Campaign
technology1 month ago

Bitwarden CLI Breach Ties to Checkmarx Supply Chain Campaign

Bitwarden CLI version 2026.4.0 was compromised via a malicious bw1.js distributed through npm during the Checkmarx supply chain campaign, with attackers exploiting a compromised GitHub Action in Bitwarden's CI/CD to steal tokens, secrets and credentials and exfiltrate them to audit.checkmarx.cx (and a fallback GitHub repository). The malware can inject malicious workflows to harvest secrets across downstream pipelines; Bitwarden says no end-user vault data was accessed and the issue was contained with the release deprecated. The incident is linked to TeamPCP and related to the Shai-Hulud activity; a CVE will be issued for this release.

via The Hacker News|
#bitwarden#ci-cd#cybersecurity
Axios supply-chain breach delivers cross-platform RAT through fake dependency
security1 month ago

Axios supply-chain breach delivers cross-platform RAT through fake dependency

Axios was hit by a supply-chain attack after attackers used compromised maintainer credentials to publish axios v1.14.1 and v0.30.4, which inject the fake dependency [email protected]. The postinstall script in that dependency drops a cross-platform RAT on macOS, Windows, and Linux, contacting a C2 server and delivering platform-specific payloads before self-deleting. Users should downgrade to 1.14.0 or 0.30.3, rotate credentials, remove plain-crypto-js from node_modules, audit CI/CD for the affected installs, and block egress to the C2 domain sfrclak.com. Axios itself wasn’t modified; the malicious behavior resided entirely in a transitive dependency, with additional vendored packages also distributing the malware.

via The Hacker News|
#axios#malware#npm
security8 months ago

Enhancing npm Supply Chain Security Amidst Growing Threats

CISA issued an alert about a widespread supply chain attack involving npm packages, where a self-replicating worm called 'Shai-Hulud' compromised over 500 packages, exfiltrated credentials, and spread malware. Organizations are advised to review dependencies, rotate credentials, enable MFA, monitor network activity, and harden GitHub security to mitigate the threat.

via CISA (.gov)|
#cisa#cybersecurity#malware
Malicious npm and VS Code Packages Exploiting Developers and Stealing Data
cybersecurity1 year ago

Malicious npm and VS Code Packages Exploiting Developers and Stealing Data

Researchers have uncovered over 70 malicious npm and VS Code packages used for data theft, cryptomining, and destructive payloads, with threat actors deploying sophisticated techniques including masquerading as legitimate tools, evading sandbox detection, and using multi-stage infection chains to compromise developers' systems and steal sensitive information.

via The Hacker News|
#cryptocurrency#cybersecurity#data-theft
Malicious Code Libraries Target JavaScript Developers via Blockchain
cybersecurity1 year ago

Malicious Code Libraries Target JavaScript Developers via Blockchain

Researchers have discovered hundreds of malicious code libraries on NPM that attempt to install malware on developers' machines. These packages use typosquatting to trick developers into downloading them, and they connect to IP addresses stored on the Ethereum blockchain to fetch additional malicious files and send system information back to the attackers. The campaign highlights the importance of verifying package names before installation to avoid such threats.

via Ars Technica|
#cyberattack#cybersecurity#ethereum