News

The Hacker News24y
Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
Malicious npm packages targeting Cursor macOS users stole credentials and disabled updates, impacting 3,200+ downloads.
Malicious NPM package uses Unicode steganography to evade detection
A malicious package in the Node Package Manager index uses invisible Unicode characters to hide malicious code and Google ...
Supply chain attack hits npm package with 45,000 weekly downloads
An npm package named 'rand-user-agent' has been compromised in a supply chain attack to inject obfuscated code that activates ...
SecurityWeek11d
Malicious NPM Packages Target Cursor AI’s macOS Users
Three NPM packages posing as developer tools for Cursor AI code editor’s macOS version contain a backdoor, researchers warn.
CSO Online13d
Hackers booby trap NPM with cross-language imposter packages
Developers adept at multiple coding languages are tricked into installing a familiar-sounding package from within the Node ...
SecurityWeek10d
Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack
Supply chain attack compromises the popular rand-user-agent scraping NPM package to deploy and activate a backdoor.
it-daily.net8d
Cursor AI: Malware detected in fake NPM packages
Security researchers have identified three malicious NPM packages masquerading as developer tools for the AI-powered code ...
Hosted on MSN26d
Ripple NPM supply chain attack hunts for private keys
Many versions of the Ripple ledger (XRPL) official NPM package are compromised with malware injected to steal cryptocurrency.… The NPM package, xrpl, is a JavaScript/TypeScript library that devs ...
CoinDesk27d
XRP Ledger Bug Patched After 'Serious' Flaw Spotted in XRPL Library
A threat actor seemingly exploited an XRP Ledger’s developer access token to publish illicit code to the burgeoning network in a move that could have been “catastrophic” for the network, the ...