Threat Post

Attackers Use Typo-Squatting To Steal npm Credentials

Criminals used a typo-squatting technique and uploaded rogue JavaScript libraries to a popular code repository npm. Hackers seeking developer credentials used typo-squatting to spread malicious code ...
Cybernews

The 2025 npm worm that shook the software supply chain

As a worm spread through hundreds of npm packages in 2025, it didn't exploit a vulnerability – it exploited the architecture.
CSOonline

Typo hackers sneak cross-platform credential stealer into 10 npm packages

The typosquatted packages auto-execute on installation, fingerprint victims by IP, and deploy a PyInstaller binary to harvest credentials from browsers, SSH keys, API tokens, and cloud configuration ...
InfoQ

Pika Brings Zero-Configuration Bundling and Publishing for NPM Packages

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Vivek Yadav, an engineering manager from ...
TechRadar

Npm package with millions of downloads is at risk from malware hijacking

A popular npm maintainer fell prey to a phishing attack, sharing login credentials with cybercriminals The attackers accessed their npm account and pushed malware through a popular package They were ...
TechRadar

More popular npm packages hijacked to spread malware

A npm package maintainer has fallen victim to a phishing attack The attackers accessed packages and updated them to carry malware Most antivirus programs are still not properly flagging the malicious ...
Visual Studio Magazine

Set Up ASP.NET MVC with AngularJS in Visual Studio

In previous columns I’ve looked at using TypeScript with popular JavaScript frameworks like Knockout and Backbone. It makes sense, therefore, to look at how to use TypeScript with one of the most ...