Cybersecurity specialists report the detection of a set of malicious packages in Node.js package manager repository (npm) designed to collect Discord tokens and eventually take control of the affected accounts.
GitHub researchers announced the detection of two severe security flaws in NPM, the Node.js package manager. According to the report, one of these flaws could be exploited by threat actors
The developers of Sonatype, an automated malware detection system, report the finding of a set of malicious packages in the npm registry; According to the report, these malicious payloads are
Nothing is safe these days, not even Node’s npm.The Node.js Package Manager (or just npm) allows the author of a malicious package to infect other packages and propagate malicious scripts