Dark Reading

Npm Package Hides Malware in Steganographic QR Codes

Attackers have poisoned a code package on the npm registry in a novel way, hiding credential-stealing malware in steganographic QR codes embedded in a package purporting to offer a JavaScript utility.
Infosecurity-magazine.com

Npm Package Hijacked to Steal Data and Crypto via AI-Powered Malware

A threat actor released malicious updates on the npm package repository for components of a tool popular among developers intending to steal cryptocurrencies and key developer data. According to a ...