ZDNet

Malicious npm packages caught installing remote access trojans

The security team behind the "npm" repository for JavaScript libraries removed two npm packages this Monday for containing malicious code that installed a remote access trojan (RAT) on the computers ...
Bleeping Computer

GitHub finds 7 code execution vulnerabilities in 'tar' and npm CLI

GitHub security team has identified several high-severity vulnerabilities in npm packages, "tar" and "@npmcli/arborist," used by npm CLI. The tar package receives 20 million weekly downloads on ...
Opinion

Shai-Hulud worm returns, belches secrets to 25K GitHub repos

Following the first Shai-Hulud attacks, which infected more than 500 packages in total, and GitHub having to scour its users' repos for exposed secrets, the development platform announced a tightening ...