Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto

Updated on May 26, 2025

As many as 60 malicious npm packages have been discovered in the package registry with malicious functionality to harvest hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint.
The packages, published under three different accounts, come with an install‑time script that’s triggered during npm install, Socket security researcher Kirill Boychenko said in a…

Read the rest of the story at Read More

Source: The Hacker News

May 6, 2025 Uncategorized

Third Parties and Machine Credentials: T...

November 12, 2024 Uncategorized

New Phishing Tool GoIssue Targets GitHub...

January 16, 2025 Uncategorized

Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto

Related posts

Third Parties and Machine Credentials: T...

New Phishing Tool GoIssue Targets GitHub...

Researcher Uncovers Critical Flaws in Mu...

Leave a Comment Cancel reply

Recent News

Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks

Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages

Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger

Weak Passwords and Compromised Accounts: Key Findings from the Blue Report 2025

Scattered Spider Hacker Gets 10 Years, $13M Restitution for SIM Swapping Crypto Theft

Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks

DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft

FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage

Experts Find AI Browsers Can Be Tricked by PromptFix Exploit to Run Malicious Hidden Prompts

🕵️ Webinar: Discover and Control Shadow AI Agents in Your Enterprise Before Hackers Do