World’s Largest Supply Chain Cyber Attack… And just 5 Cents Stolen?
You probably saw the headlines: the world’s largest npm supply chain attack, chalk and debug-js packages with BILLIONS of downloads...
nodejs
Where did these mysterious PrismJS npm versions come from?
In 2015, strange 9000.0.x versions of PrismJS appeared on npm downloads, and nobody had a clue where they came from,...
DoS flaw lets attackers crash NodeJS apps via DNS lookups
This week, NodeJS project has released fixes for a DoS vulnerability, CVE-2020-8277, that could be triggered via DNS requests. An...
‘CursedGrabber’ Discord malware possibly linked to Russian and Ukrainian hackers
A new family of Discord malware has been spotted by Sonatype this week. Known as CursedGrabber, multiple strands of this...
NodeJS malware caught exfiltrating IPs, username, and device information on GitHub
Multiple NodeJS packages laden with malicious code have been spotted on npm registry. These "typosquatting" packages served no purpose other...
20,000 GitHub projects at risk from Node.js ‘standard-version’ library vulnerability
More than 20,000 GitHub projects rely on the Node.js standard-version utility to implement semantic versioning (semver) and for generating CHANGELOG...