Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here's what we know

Recently, security researchers Socket found 10 packages on npm targeting software developers, specifically those who use the ...
Developer Tech

Malware campaign on npm steals AWS, GCP, and Azure cloud keys

An advanced malware campaign on the npm registry steals the very keys that control enterprise cloud infrastructure.
Threat Post

Microsoft Azure Developers Awash in PII-Stealing npm Packages

A large-scale, automated typosquatting attack saw 200+ malicious packages flood the npm code repository, targeting popular Azure scopes. Researchers have found hundreds of malicious packages in the ...
ZDNet

Malicious npm packages target Azure developers to steal personal data

According to researchers Andrey Polkovnychenko and Shachar Menashe, the repositories were first detected on March 21 and steadily grew from roughly 50 malicious npm packages to over 200 in a matter of ...