SecurityWeek

Tens of Thousands of Malicious NPM Packages Distribute Self-Replicating Worm

A threat actor has published tens of thousands of malicious NPM packages that contain a self-replicating worm, security researchers warn.
InfoWorld

Malicious npm package sneaks into GitHub Actions builds

The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...
The Hacker News

Npm Package Targeting GitHub-Owned Repositories Flagged as Red Team Exercise

Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate " ...
CSO Online

Vibe-coded ransomware proof-of-concept ended up on Microsoft’s marketplace

A suspicious Visual Studio Code extension with file-encrypting and data-stealing behavior successfully bypassed marketplace ...
CSO Online

North Korean hackers exploit Google’s safety tools for remote wipe

The campaign hijacked Google accounts to abuse Android’s Find Hub feature, remotely wiping victims’ phones while spreading ...