The Hacker News

npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels

Researchers expose Discord webhook C2 in npm, PyPI, RubyGems; North Korean actors published 338 malicious npm packages with ...

From infostealer to full RAT: dissecting the PureRAT attack chain

Researchers map a campaign that escalated from a Python infostealer to a full PureRAT backdoor — loaders, evasions, and ...
Arabian Post on MSN

Massive npm-Based Phishing Network Exposed Under “Beamglea” Campaign

A worm-like campaign named Shai-Hulud has been flagged, targeting widely used packages and propagating itself by harvesting secrets and inserting backdoors. It operates across npm accounts, installing ...