Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here ...

Recently, security researchers Socket found 10 packages on npm targeting software developers, specifically those who use the ...
The Hacker News

Researchers Expose GhostCall and GhostHire: BlueNoroff's New Malware Chains

Victims of the GhostCall campaign span several infected macOS hosts located in Japan, Italy, France, Singapore, Turkey, Spain ...
CSO Online

Malicious packages in npm evade dependency detection through invisible URL links: Report

Researchers outline how the PhantomRaven campaign exploits hole in npm to enable software supply chain attacks.
Developer Tech

Malware campaign on npm steals AWS, GCP, and Azure cloud keys

An advanced malware campaign on the npm registry steals the very keys that control enterprise cloud infrastructure.