The Hacker News

APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities

Pakistan-aligned APT36 and SideCopy target Indian defense and government entities using phishing-delivered RAT malware across Windows and Linux system ...

Malicious packages for dYdX cryptocurrency exchange empties user wallets

Open source packages published on the npm and PyPI repositories were laced with code that stole wallet credentials from dYdX developers and backend systems and, in some cases, backdoored devices, ...
The Hacker News

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.
Search Engine Roundtable

Google Warns: Don't Use NoIndex Tags In Pages That Use JavaScript

Google updated its JavaScript SEO documentation to warn against using a noindex tag in the original page code on JavaScript pages. Google wrote, "if you do want the page indexed, don't use a noindex ...
TechSpot

JavaScript turns 30: From 10-day prototype to the backbone of the modern web

Why it matters: JavaScript was officially unveiled in 1995 and now powers the overwhelming majority of the modern web, as well as countless server and desktop projects. The language is one of the core ...
CoinTelegraph

NPM supply-chain attack compromises major ENS and crypto libraries

A researcher warned that more than 400 NPM libraries, including at least 10 crypto packages mostly tied to ENS, were compromised by Shai Hulud malware. A major JavaScript supply-chain attack has ...
financefeeds

Shai Hulud Malware Hits 400+ JavaScript Packages in Major NPM Supply-Chain Attack

What Happened in the Shai Hulud JavaScript Attack? A major JavaScript supply-chain attack has compromised more than 400 NPM packages — including at least 10 widely used across the crypto ecosystem — ...
Krebs on Security

Self-Replicating Worm Hits 180+ Software Packages

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on ...
Ripple

NPM Supply Attack: Malicious Tinycolor Steals Secrets Using TruffleHog

In a supply chain attack, the trending npm package, @ctrl/tinycolor, was in the target. Dastardly versions steal secrets through TruffleHog scanning. The npm package ecosystem has been compromised by ...
TechSpot

Breach of npm threatens billions of weekly downloads in JavaScript ecosystem

What the Script: Supply chain attacks are traditionally designed to inflict maximum damage on structured organizations or companies. However, when such an attack compromises a supply chain that an ...
u

NPM Hack in Crypto: Polygon, Ledger, Trezor Share Important Statements

Largest cryptocurrency product seems to be unaffected by biggest "supply chain" hack in history So far, no cryptocurrency service has reported losses as a result of clipper malware being injected into ...
Forbes

New Security Breach Threatens Crypto And Everyday Apps

Forbes contributors publish independent expert analyses and insights. A serious security breach has sent shockwaves through both everyday online services and the cryptocurrency world. At the center is ...