Lucene search
K

8 matches found

The Hacker News
The Hacker News
added 2025/04/19 3:11 p.m.22 views

Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems

Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities. The packages in question are listed below - node-telegram-utils 132 downloads node-telegram-bots-api...

8.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/12/05 4:30 p.m.4 views

Malicious code in jsonwebtoken-js (npm)

This package is a starjacking attack which bundles a cryptostealing payload. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a67accf60cbc8a078a152decc08231110bf5a933476b286672b5cf53d042e35 Any computer that has this package installed or running should be considered...

6.8AI score
Exploits0References3
OSV
OSV
added 2024/12/05 4:30 p.m.13 views

MAL-2024-11215 Malicious code in crypto-chalk (npm)

This package is a starjacking attack which bundles a cryptostealing payload. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8183583924c5f6f8fc0ab3f242d354d5ee91cf77816175d98f546ef2e631f8e Any computer that has this package installed or running should be considered...

7AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/12/05 4:30 p.m.8 views

Malicious code in keccak-crypto (npm)

This package is a starjacking attack which bundles a cryptostealing payload. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ded491472e4703368974a54f37663b29332b6a969e3e8fa8ccefec26d5b4c8a0 Any computer that has this package installed or running should be considered...

6.8AI score
Exploits0References3
OSV
OSV
added 2024/12/05 4:30 p.m.10 views

MAL-2024-11216 Malicious code in jsonwebtoken-js (npm)

This package is a starjacking attack which bundles a cryptostealing payload. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a67accf60cbc8a078a152decc08231110bf5a933476b286672b5cf53d042e35 Any computer that has this package installed or running should be considered...

7AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/12/05 4:30 p.m.3 views

Malicious code in crypto-chalk (npm)

This package is a starjacking attack which bundles a cryptostealing payload. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8183583924c5f6f8fc0ab3f242d354d5ee91cf77816175d98f546ef2e631f8e Any computer that has this package installed or running should be considered...

6.8AI score
Exploits0References3
The Hacker News
The Hacker News
added 2024/09/02 3:36 a.m.38 views

Malicious npm Packages Mimicking 'noblox.js' Compromise Roblox Developers' Systems

Roblox developers are the target of a persistent campaign that seeks to compromise systems through bogus npm packages, once again underscoring how threat actors continue to exploit the trust in the open-source ecosystem to deliver malware. "By mimicking the popular 'noblox.js' library, attackers...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2022/11/18 5:6 a.m.27 views

W4SP Stealer Constantly Targeting Python Developers in Ongoing Supply Chain Attack

An ongoing supply chain attack has been leveraging malicious Python packages to distribute malware called W4SP Stealer, with over hundreds of victims ensnared to date. "The threat actor is still active and is releasing more malicious packages," Checkmarx researcher Jossef Harush said in a technic...

0.2AI score
Exploits0
Rows per page
Query Builder