News

Malicious NPM package uses Unicode steganography to evade detection
A malicious package in the Node Package Manager index uses invisible Unicode characters to hide malicious code and Google ...
The Hacker News24y
Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
Malicious npm packages targeting Cursor macOS users stole credentials and disabled updates, impacting 3,200+ downloads.
Supply chain attack hits npm package with 45,000 weekly downloads
An npm package named 'rand-user-agent' has been compromised in a supply chain attack to inject obfuscated code that activates ...
CSO Online13d
Hackers booby trap NPM with cross-language imposter packages
Developers adept at multiple coding languages are tricked into installing a familiar-sounding package from within the Node ...
Hosted on MSN26d
Ripple NPM supply chain attack hunts for private keys
Many versions of the Ripple ledger (XRPL) official NPM package are compromised with malware injected to steal cryptocurrency.… The NPM package, xrpl, is a JavaScript/TypeScript library that devs ...
SecurityWeek11d
Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack
Supply chain attack compromises the popular rand-user-agent scraping NPM package to deploy and activate a backdoor.
SecurityWeek11d
Malicious NPM Packages Target Cursor AI’s macOS Users
Three NPM packages posing as developer tools for Cursor AI code editor’s macOS version contain a backdoor, researchers warn.
it-daily.net8d
Cursor AI: Malware detected in fake NPM packages
Security researchers have identified three malicious NPM packages masquerading as developer tools for the AI-powered code ...
Taiwan News6d
Vivani Medical Provides Business Update Including $3M Equity Financing and Reports First Quarter 2025 Financial Results
On March 27, 2025, Vivani announced that it has entered into a securities purchase agreement to issue and sell an aggregate of 7,366,071 shares, each at a price of $1.12 per share, expected to result ...