toad.social

Pyrzout :vm:High-Value NPM Developers Compromised in New Phishing Campaign <a href="https://www.securityweek.com/high-value-npm-developers-compromised-in-new-phishing-campaign/" rel="nofollow noopener" translate="no" target="_blank">https://www.securityweek.com/high-value-npm-developers-compromised-in-new-phishing-campaign/</a> <a href="https://social.skynetcloud.site/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChainSecurity</a> <a href="https://social.skynetcloud.site/tags/SupplyChain" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChain</a> <a href="https://social.skynetcloud.site/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#phishing</a> <a href="https://social.skynetcloud.site/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#NPM</a>

Kevin Karhan :verified:<a href="https://aus.social/@static" class="u-url mention" rel="nofollow noopener" target="_blank">@static</a> <a href="https://toot.community/@Noisecolor" class="u-url mention" rel="nofollow noopener" target="_blank">@Noisecolor</a> TBH, <a href="https://infosec.space/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> suffers the same problems and then some as <a href="https://infosec.space/tags/AUR" class="mention hashtag" rel="nofollow noopener" target="_blank">#AUR</a> and has seen it's fair share of <a href="https://infosec.space/tags/abuse" class="mention hashtag" rel="nofollow noopener" target="_blank">#abuse</a> and <a href="https://infosec.space/tags/CyberVandalism" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberVandalism</a> ranging from malicious commits to flat-out <a href="https://infosec.space/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> distribution, so it has the <a href="https://infosec.space/tags/centralization" class="mention hashtag" rel="nofollow noopener" target="_blank">#centralization</a> problem!

Kevin Karhan :verified:<a href="https://aus.social/@static" class="u-url mention" rel="nofollow noopener" target="_blank">@static</a> I think <a href="https://infosec.space/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> is just a horrible package manager in terms of <a href="https://infosec.space/tags/UX" class="mention hashtag" rel="nofollow noopener" target="_blank">#UX</a>.

thepwnicorn<a href="https://socket.dev/blog/npm-is-package-hijacked-in-expanding-supply-chain-attack" rel="nofollow noopener" translate="no" target="_blank">https://socket.dev/blog/npm-is-package-hijacked-in-expanding-supply-chain-attack</a> <a href="https://infosec.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> <a href="https://infosec.exchange/tags/supplychainattack" class="mention hashtag" rel="nofollow noopener" target="_blank">#supplychainattack</a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#phishing</a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#linux</a> <a href="https://infosec.exchange/tags/windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#windows</a> <a href="https://infosec.exchange/tags/remoteshell" class="mention hashtag" rel="nofollow noopener" target="_blank">#remoteshell</a>

Bobbys BytesHeads up, developers! A major npm Registry security breach has compromised 847 packages. Social engineering gave attackers access to maintainer accounts. Stay vigilant! <a href="https://mastodon.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://mastodon.social/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> <a href="https://mastodon.social/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a>

The New OilPopular <a href="https://mastodon.thenewoil.org/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> <a href="https://mastodon.thenewoil.org/tags/linter" class="mention hashtag" rel="nofollow noopener" target="_blank">#linter</a> packages hijacked via <a href="https://mastodon.thenewoil.org/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#phishing</a> to drop <a href="https://mastodon.thenewoil.org/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a><a href="https://www.bleepingcomputer.com/news/security/popular-npm-linter-packages-hijacked-via-phishing-to-drop-malware/" rel="nofollow noopener" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/popular-npm-linter-packages-hijacked-via-phishing-to-drop-malware/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://mastodon.thenewoil.org/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#JavaScript</a>

Hackread.com🚨 A fake npm website tricked a maintainer into giving up their token, letting attackers push malware into popular JS packages.Details: <a href="https://hackread.com/fake-npm-website-used-push-malware-via-stolen-token/" rel="nofollow noopener" translate="no" target="_blank">https://hackread.com/fake-npm-website-used-push-malware-via-stolen-token/</a><a href="https://mstdn.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://mstdn.social/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> <a href="https://mstdn.social/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#JavaScript</a> <a href="https://mstdn.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://mstdn.social/tags/supplychainsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#supplychainsecurity</a>

Cindʎ Xiao 🍉Great analysis of the malware distributed with the esling-config-prettier NPM package compromise on Friday: <a href="https://c-b.io/2025-07-20+-+Install+Linters%2C+Get+Malware+-+DevSecOps+Speedrun+Edition" rel="nofollow noopener" translate="no" target="_blank">https://c-b.io/2025-07-20+-+Install+Linters%2C+Get+Malware+-+DevSecOps+Speedrun+Edition</a>By <a href="https://bsky.app/profile/c-b.io" rel="nofollow noopener" target="_blank">c-b.io on Bluesky</a> / <a href="https://x.com/cyb3rjerry" rel="nofollow noopener" target="_blank">cyb3rjerry on Twitter</a> :D<a href="https://infosec.exchange/tags/malwareanalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#malwareanalysis</a> <a href="https://infosec.exchange/tags/reverseengineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#reverseengineering</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> <a href="https://infosec.exchange/tags/npmsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#npmsecurity</a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/reversing" class="mention hashtag" rel="nofollow noopener" target="_blank">#reversing</a>

Miguel Afonso Caetano"Cybersecurity researchers have alerted to a supply chain attack that has targeted popular npm packages via a phishing campaign designed to steal the project maintainers' npm tokens.The captured tokens were then used to publish malicious versions of the packages directly to the registry without any source code commits or pull requests on their respective GitHub repositories.The list of affected packages and their rogue versions, according to Socket, is listed below -- eslint-config-prettier (versions 8.10.1, 9.1.1, 10.1.6, and 10.1.7) - eslint-plugin-prettier (versions 4.2.2 and 4.2.3) - synckit (version 0.11.9) - @pkgr/core (version 0.2.8) - napi-postinstall (version 0.3.1)"The injected code attempted to execute a DLL on Windows machines, potentially allowing remote code execution," the software supply chain security firm said."<a href="https://thehackernews.com/2025/07/malware-injected-into-6-npm-packages.html" rel="nofollow noopener" translate="no" target="_blank">https://thehackernews.com/2025/07/malware-injected-into-6-npm-packages.html</a><a href="https://tldr.nettime.org/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://tldr.nettime.org/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#NPM</a> <a href="https://tldr.nettime.org/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#JavaScript</a> <a href="https://tldr.nettime.org/tags/Node" class="mention hashtag" rel="nofollow noopener" target="_blank">#Node</a> <a href="https://tldr.nettime.org/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#GitHub</a> <a href="https://tldr.nettime.org/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windows</a> <a href="https://tldr.nettime.org/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a>

SashaThere was an attempt to put malware into the eslint-config-prettier package. Be careful out there peeps.<a href="https://github.com/prettier/eslint-config-prettier/issues/339#issuecomment-3090199603" rel="nofollow noopener" translate="no" target="_blank">https://github.com/prettier/eslint-config-prettier/issues/339#issuecomment-3090199603</a><a href="https://hachyderm.io/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> <a href="https://hachyderm.io/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> <a href="https://hachyderm.io/tags/eslint" class="mention hashtag" rel="nofollow noopener" target="_blank">#eslint</a>

Socket🚨 Active supply chain attack on npm: Multiple Prettier tooling packages were compromised through the phishing campaign we published about just hours ago. Watch out for more compromised accounts and malicious packages. Follow-up: <a href="https://socket.dev/blog/npm-phishing-campaign-leads-to-prettier-tooling-packages-compromise" rel="nofollow noopener" translate="no" target="_blank">https://socket.dev/blog/npm-phishing-campaign-leads-to-prettier-tooling-packages-compromise</a> <a href="https://fosstodon.org/tags/nodejs" class="mention hashtag" rel="nofollow noopener" target="_blank">#nodejs</a> <a href="https://fosstodon.org/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a>

Christoffer S.NPM continues to be an attractive target for threat actors. These are the most common attack vectors:1. Typosquatting: Mimicking popular packages (e.g., web3-wrapper-ethers vs ethers) [1]2. Package Impersonation: Creating near-identical copies of legitimate libraries [2]3. Legitimate Package Compromise: Hijacking established packages (eslint-config-prettier) [3]4. Malicious Pull Requests: Introducing dependencies via seemingly legitimate contributions [4]5. Phishing: Credential theft using typosquatted domains (npnjs.com) [5]## References[1] <a href="https://www.aikido.dev/blog/malicious-package-web3" rel="nofollow noopener" translate="no" target="_blank">https://www.aikido.dev/blog/malicious-package-web3</a> [2] <a href="https://socket.dev/blog/north-korean-contagious-interview-campaign-drops-35-new-malicious-npm-packages" rel="nofollow noopener" translate="no" target="_blank">https://socket.dev/blog/north-korean-contagious-interview-campaign-drops-35-new-malicious-npm-packages</a> [3] <a href="https://www.stepsecurity.io/blog/supply-chain-security-alert-eslint-config-prettier-package-shows-signs-of-compromise" rel="nofollow noopener" translate="no" target="_blank">https://www.stepsecurity.io/blog/supply-chain-security-alert-eslint-config-prettier-package-shows-signs-of-compromise</a> [4] <a href="https://www.reversinglabs.com/blog/malicious-pull-request-infects-vscode-extension" rel="nofollow noopener" translate="no" target="_blank">https://www.reversinglabs.com/blog/malicious-pull-request-infects-vscode-extension</a> [5] <a href="https://socket.dev/blog/npm-phishing-email-targets-developers-with-typosquatted-domain" rel="nofollow noopener" translate="no" target="_blank">https://socket.dev/blog/npm-phishing-email-targets-developers-with-typosquatted-domain</a><a href="https://swecyb.com/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatIntel</a> <a href="https://swecyb.com/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://swecyb.com/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://swecyb.com/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#NPM</a> <a href="https://swecyb.com/tags/SupplyChain" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChain</a>

nemo™ 🇺🇦🚨 North Korean hackers unleashed 67 malware-ridden packages on npm in their ongoing "Contagious Interview" campaign, spreading the XORIndex loader to steal data & FckCrypto 🕵️‍♂️💻 Over 17,000 downloads caught in this supply chain attack! Stay vigilant & verify packages carefully! <a href="https://mas.to/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://mas.to/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#NPM</a> <a href="https://mas.to/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://mas.to/tags/SupplyChainAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChainAttack</a>Read more: <a href="https://www.techradar.com/pro/security/north-korean-hackers-release-malware-ridden-packages-into-npm-registry" rel="nofollow noopener" translate="no" target="_blank">https://www.techradar.com/pro/security/north-korean-hackers-release-malware-ridden-packages-into-npm-registry</a> <a href="https://mas.to/tags/newz" class="mention hashtag" rel="nofollow noopener" target="_blank">#newz</a>

The New OilNorth Korean <a href="https://mastodon.thenewoil.org/tags/XORIndex" class="mention hashtag" rel="nofollow noopener" target="_blank">#XORIndex</a> <a href="https://mastodon.thenewoil.org/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> hidden in 67 malicious <a href="https://mastodon.thenewoil.org/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> packages<a href="https://www.bleepingcomputer.com/news/security/north-korean-xorindex-malware-hidden-in-67-malicious-npm-packages/" rel="nofollow noopener" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/north-korean-xorindex-malware-hidden-in-67-malicious-npm-packages/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://mastodon.thenewoil.org/tags/NorthKorea" class="mention hashtag" rel="nofollow noopener" target="_blank">#NorthKorea</a>

securityaffairs<a href="https://infosec.exchange/tags/North" class="mention hashtag" rel="nofollow noopener" target="_blank">#North</a> <a href="https://infosec.exchange/tags/Korea" class="mention hashtag" rel="nofollow noopener" target="_blank">#Korea</a>-linked actors spread <a href="https://infosec.exchange/tags/XORIndex" class="mention hashtag" rel="nofollow noopener" target="_blank">#XORIndex</a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> via 67 malicious <a href="https://infosec.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> packages <a href="https://securityaffairs.com/179950/hacking/north-korea-linked-actors-spread-xorindex-malware-via-67-malicious-npm-packages.html" rel="nofollow noopener" translate="no" target="_blank">https://securityaffairs.com/179950/hacking/north-korea-linked-actors-spread-xorindex-malware-via-67-malicious-npm-packages.html</a> <a href="https://infosec.exchange/tags/securityaffairs" class="mention hashtag" rel="nofollow noopener" target="_blank">#securityaffairs</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacking</a>

洪民憙 (Hong Minhee)Introducing <a class="mention hashtag" rel="nofollow noopener" href="https://hollo.social/tags/Upyo" target="_blank">#Upyo</a>!A simple, cross-runtime email library that works seamlessly on <a class="mention hashtag" rel="nofollow noopener" href="https://hollo.social/tags/Deno" target="_blank">#Deno</a>, <a class="mention hashtag" rel="nofollow noopener" href="https://hollo.social/tags/Node" target="_blank">#Node</a>.js, <a class="mention hashtag" rel="nofollow noopener" href="https://hollo.social/tags/Bun" target="_blank">#Bun</a>, and edge functions. Zero dependencies, unified API, and excellent testability with built-in mock transport.Switch between <a class="mention hashtag" rel="nofollow noopener" href="https://hollo.social/tags/SMTP" target="_blank">#SMTP</a>, <a class="mention hashtag" rel="nofollow noopener" href="https://hollo.social/tags/Mailgun" target="_blank">#Mailgun</a>, <a class="mention hashtag" rel="nofollow noopener" href="https://hollo.social/tags/SendGrid" target="_blank">#SendGrid</a> without changing your code. Available on <a class="mention hashtag" rel="nofollow noopener" href="https://hollo.social/tags/JSR" target="_blank">#JSR</a> & <a class="mention hashtag" rel="nofollow noopener" href="https://hollo.social/tags/npm" target="_blank">#npm</a>!<a href="https://upyo.org/" rel="nofollow noopener" target="_blank">https://upyo.org/</a>

Lukas Kahwe SmithWhen contributing to <a href="https://mastodon.green/tags/PHP" class="mention hashtag" rel="nofollow noopener" target="_blank">#PHP</a> <a href="https://mastodon.green/tags/OSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#OSS</a> dependencies, I usually used "composer --prefer-source" to get the dependencies installed as git repos.This way, when I make modifications, I can test them inside a larger codebase immediately while easily being able to check my changes and commit+push them upstream.What is the process for <a href="https://mastodon.green/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#JavaScript</a>? Is there a similar pattern with <a href="https://mastodon.green/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#NPM</a>? Or what is the approach JavaScript OSS contributors take?

Nick EscobarInstall 'steploop', with npm: <a href="https://www.npmjs.com/package/steploop" rel="nofollow noopener" translate="no" target="_blank">https://www.npmjs.com/package/steploop</a><a href="https://infosec.exchange/tags/steploop" class="mention hashtag" rel="nofollow noopener" target="_blank">#steploop</a> <a href="https://infosec.exchange/tags/typescript" class="mention hashtag" rel="nofollow noopener" target="_blank">#typescript</a> <a href="https://infosec.exchange/tags/javascript" class="mention hashtag" rel="nofollow noopener" target="_blank">#javascript</a> <a href="https://infosec.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a>

Nick EscobarTo see ‘steploop’ in action, visit the demo page.Demo page: <a href="https://nickesc.github.io/steploop/" rel="nofollow noopener" translate="no" target="_blank">https://nickesc.github.io/steploop/</a><a href="https://infosec.exchange/tags/steploop" class="mention hashtag" rel="nofollow noopener" target="_blank">#steploop</a> <a href="https://infosec.exchange/tags/typescript" class="mention hashtag" rel="nofollow noopener" target="_blank">#typescript</a> <a href="https://infosec.exchange/tags/javascript" class="mention hashtag" rel="nofollow noopener" target="_blank">#javascript</a> <a href="https://infosec.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a>

Nick EscobarToday, I released 'steploop', a TypeScript/JavaScript package that provides a fully-featured main-loop which acts as a strong foundation for building loops that execute at a consistent, specified rate. It is inspired by game engine main-loops like Godot's MainLoop or Unity's Update() loop.Source code: <a href="https://github.com/nickesc/steploop" rel="nofollow noopener" translate="no" target="_blank">https://github.com/nickesc/steploop</a><a href="https://infosec.exchange/tags/steploop" class="mention hashtag" rel="nofollow noopener" target="_blank">#steploop</a> <a href="https://infosec.exchange/tags/typescript" class="mention hashtag" rel="nofollow noopener" target="_blank">#typescript</a> <a href="https://infosec.exchange/tags/javascript" class="mention hashtag" rel="nofollow noopener" target="_blank">#javascript</a> <a href="https://infosec.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a>

Recent searches

Search options

Administered by:

Server stats:

#npm