Dark Reading

Malicious npm Package Poses as Tailwind Tool

A malicious package in the npm open source code repository is hitching a social engineering ride on the "Tailwind" legitimate software library tool, which millions of application developers use around ...
Bleeping Computer

NPM supply-chain attack impacts hundreds of websites and apps

An NPM supply-chain attack dating back to December 2021 used dozens of malicious NPM modules containing obfuscated Javascript code to compromise hundreds of downstream desktop apps and websites. As ...
Dark Reading

Supply Chain Attack Deploys Hundreds of Malicious NPM Modules to Steal Data

A routine scan of the NPM open source code repository in April turned up several packages using a JavaScript obfuscator to hide their true function. After further investigation, analysts with ...