npm

A new Shai-Hulud supply chain attack has hit nearly 500 npm packages with a…

Nov 24, 2025Ravie LakshmananCloud Security / Vulnerability Multiple security vendors are sounding the alarm…

Introduction Tsundere is a new botnet, discovered by our Kaspersky GReAT around mid-2025. We…

Over 150,000 malicious packages recently submitted to the npm registry, are tied to a…

A coordinated token farming campaign continues to flood the open source npm registry, with…

eSecurity Planet content and product recommendations are editorially independent. We may make money when…

Security researchers have uncovered a large-scale spam campaign within the npm ecosystem, now known…

Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the…

Nov 11, 2025Ravie LakshmananSoftware Supply Chain / Malware Cybersecurity researchers have discovered a malicious…

A malicious npm package named “@acitons/artifact” was found impersonating the legitimate “@actions/artifact” module, directly…