Supply-Chain

175 Malicious npm Packages Used in Credential Phishing Campaign with Over 26,000 Downloads

Security researchers have discovered 175 malicious packages on the npm registry, collectively downloaded about 26,000 times, that were used as part of a credential phishing campaign named Beamglea. The campaign used npm and unpkg.com as free hosting to serve redirect scripts, which in turn sent victims to Microsoft credential harvesting pages, increasing the realism and […]

Stealit Malware Abuses Node.js Single Executable Feature, Hides in Game and VPN Installers

Security researchers have uncovered an active malware campaign, named Stealit, that uses a newer Node.js capability to ship malicious code as single-file executables, enabling infections on systems without Node.js installed. Researchers at Fortinet FortiGuard Labs also note some variants are built with the Electron framework, making delivery simpler and more covert. How the malware is

Microsoft Links Storm-1175 to GoAnywhere Exploit, Medusa Ransomware Deployment

Microsoft has attributed a recent wave of cyberattacks to a threat group identified as Storm-1175, linking it to the exploitation of a critical flaw in Fortra’s GoAnywhere MFT software. The attacks ultimately led to the deployment of Medusa ransomware, affecting several organizations globally. The vulnerability, tracked as CVE-2025-10035 with a CVSS score of 10.0, is

SilentSync RAT distributed through two malicious PyPI packages targeting Python developers

Both packages pose as useful developer libraries; however, they contain hidden functionality that fetches and runs additional Python code, which implants SilentSync. The trojan supports remote command execution, file theft, and screen capture, and it specifically targets browser data such as saved credentials, history, autofill information, and cookies from Chrome, Brave, Edge, and Firefox, according

Over 180 npm packages targeted by self-replicating worm to steal credentials in recent supply chain attack

Cybersecurity researchers have uncovered a major software supply chain attack targeting the npm registry, compromising more than 180 packages in its initial phase and eventually spreading to over 500 packages. The attack leverages a self-replicating worm, making it one of the most serious threats seen in the JavaScript ecosystem. How the Attack Works: The malicious

GitHub Account Breach Triggers Salesloft Drift Incident Impacting 22 Companies

Salesloft has confirmed that the recent breach impacting its Drift application was triggered by the compromise of its GitHub account, which opened the door for a wider supply chain attack. Breach Details: According to Google-owned Mandiant, which is handling the investigation, the attackers, identified as UNC6395, gained unauthorized access to Salesloft’s GitHub account between March

Report Reveals Microsoft Employed China-Based Engineers for SharePoint Support and Bug Fixes

A recent investigation has uncovered that Microsoft relied on engineers located in China to provide support and maintenance for its SharePoint platform, the same collaboration tool that was recently exploited by Chinese state-backed hackers. This finding has triggered serious cybersecurity concerns, especially regarding insider threats in software that is heavily used by both private companies

Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets

Discovery of a Malicious Package: Cybersecurity experts have identified a deceptive npm package called nodejs-smtp, designed to compromise desktop applications for cryptocurrency wallets such as Atomic and Exodus on Windows systems. The package was uploaded to the npm registry in April 2025 by a user named “nikotimon.” Although it has since been removed, it managed

NX Build Tool Hacked to Steal Wallets and Secrets

A new supply-chain attack has compromised the widely used NX build tool, impacting more than 1,400 developers. Security researchers discovered that a malicious post-install script was added, which silently created a GitHub repository named s1ngularity-repository in affected users’ accounts. Inside this repository, attackers stored a base64-encoded dump containing highly sensitive information, including wallet files, API

Malicious Nx Packages in ‘s1ngularity’ Attack Leak 2,349 GitHub, Cloud, and AI Credentials

The maintainers of the Nx build system have warned users about a supply chain attack that allowed cybercriminals to release malicious versions of the popular npm package along with supporting plugins, designed to steal sensitive information. According to the advisory published on Wednesday, “Malicious versions of the Nx package, and certain auxiliary plugins, were uploaded
