The popular NPM JavaScript package manager and registry has been hit with an influx of malicious packages, the most harmful of which are related to data theft, crypto mining, botnets, and remote code execution, according to research from security company WhiteSource.
WhiteSource’s automated malware detection platform, WhiteSource Diffend, detected a total of 1,300 malicious packages on NPM, within a period of six months ended December 2021.
All the malicious packages identified by WhiteSource were notified to NPM and were subsequently removed from the package registry.
More Stories
Patch Tuesday, May 2024 Edition
Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two “zero-day”...
Data Breaches in US Schools Exposed 37.6M Records
Comparitech said 2023 was a record year for breaches with 954 reported, up from 139 in 2022 and 783 in...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m giving a webinar via Zoom...
Ebury Botnet Operators Diversify with Financial and Crypto Theft
The 15-year-old Ebury botnet is more active than ever, as ESET found 400,000 Linux servers compromised for cryptocurrency theft and...
CISA and Partners Unveil Cybersecurity Guide For Civil Society Groups
The guide is designed to provide high-risk communities with actionable steps to bolster their cybersecurity defenses Read More
How Scammers Hijack Your Instagram
Authored by Vignesh Dhatchanamoorthy, Rachana S Instagram, with its vast user base and dynamic platform, has become a hotbed for...