NPM Packages – TheCyberThrone

Malicious NPM Packages leveraged to steal Information

Researchers from Checkmarx detailed about a threat actor leveraging NPM packages to target developers to steal source code and secrets. Active since 2021, the threat actor has been publishing malicious…

PravinKarthik August 31, 2023

Malicious package found on NPM and PYPi Registries

Researchers have discovered malicious packages on the npm and PyPi open-source registries, which could cause issues if unwittingly downloaded by developers. In January, Researchers found 691 malicious npm packages and…

PravinKarthik February 14, 2023

LofyLife steals Discord tokens

Researchers have discovered an attack campaign named Lofylife that uses malicious npm packages, targeting Discord users to steal Discord tokens and users’ card data. The Python malware is a modified…

PravinKarthik July 29, 2022

Malicious NPM Package Use in Supply chain attacks

Researchers have discovered a supply chain attack that uses packages hosted on the Node Package Manager, the manager for the Node.js JavaScript platform. The attack involves more than two dozen…

PravinKarthik July 6, 2022

GitHub Plans for MFA mandatory by 2023 yearend

GitHub plans to introduce MFA as a mandatory requirement for any user who contributes code on the platform by the end of 2023. The platform owned by Microsoft has a…

PravinKarthik May 6, 2022

Harming NPM Packages for illicit Activity

Security

Malicious NPM Packages leveraged to steal Information

Malicious package found on NPM and PYPi Registries

LofyLife steals Discord tokens

Malicious NPM Package Use in Supply chain attacks

GitHub Plans for MFA mandatory by 2023 yearend

Harming NPM Packages for illicit Activity

JFrog NPM Trio Tool

Discord Servers Hijacked By Malicious NPM Packages