Skip to content
Linkedin-in Envelope Map-marker-alt
×
  • Italian
  • English
SecurityIT | Cyber Security Consulting
 
  • Home
  • Company
    • About Us
    • Culture and values
    • Il team
    • ISO certified company
    • Mission
  • Training
    • List of courses
  • Cyber security
    • Penetration test
    • ADVICE ISO / IEC 27001
    • Consulenza informatica in ambito privacy
    • Vulnerability assessment consulting
    • Payment card industry data security standard
    • Business continuity management e disaster recovery
    • Code security review
    • Mobile protection
    • Services of cyber threat intelligence
    • Forensic analysis and investigation
    • Social media Security
  • Integration Systems IT
    • Solutions
  • News
  • Contacts
×
  • Home
  • Company
    • About Us
    • Culture and values
    • Il team
    • ISO certified company
    • Mission
  • Training
    • List of courses
  • Cyber security
    • Penetration test
    • ADVICE ISO / IEC 27001
    • Consulenza informatica in ambito privacy
    • Vulnerability assessment consulting
    • Payment card industry data security standard
    • Business continuity management e disaster recovery
    • Code security review
    • Mobile protection
    • Services of cyber threat intelligence
    • Forensic analysis and investigation
    • Social media Security
  • Integration Systems IT
    • Solutions
  • News
  • Contacts
SecurityIT | Cyber Security Consulting
 
  • Home
  • Company
    • About Us
    • Culture and values
    • Il team
    • ISO certified company
    • Mission
  • Training
    • List of courses
  • Cyber security
    • Penetration test
    • ADVICE ISO / IEC 27001
    • Consulenza informatica in ambito privacy
    • Vulnerability assessment consulting
    • Payment card industry data security standard
    • Business continuity management e disaster recovery
    • Code security review
    • Mobile protection
    • Services of cyber threat intelligence
    • Forensic analysis and investigation
    • Social media Security
  • Integration Systems IT
    • Solutions
  • News
  • Contacts
×
  • Home
  • Company
    • About Us
    • Culture and values
    • Il team
    • ISO certified company
    • Mission
  • Training
    • List of courses
  • Cyber security
    • Penetration test
    • ADVICE ISO / IEC 27001
    • Consulenza informatica in ambito privacy
    • Vulnerability assessment consulting
    • Payment card industry data security standard
    • Business continuity management e disaster recovery
    • Code security review
    • Mobile protection
    • Services of cyber threat intelligence
    • Forensic analysis and investigation
    • Social media Security
  • Integration Systems IT
    • Solutions
  • News
  • Contacts

Category: NPM

  1. Home
  2. NPM

Tens of Thousands of Malicious NPM Packages Distribute Self-Replicating Worm

The spam campaign is likely orchestrated by an Indonesian threat actor, based on code comments and the packages’ random names.

The post Tens of Thousands of Malicious NPM Packages Distribute Self-Replicating Worm appeared first on SecurityWeek.

Critical Flaw in Popular React Native NPM Package Exposes Developers to Attacks

Arbitrary command/code execution has been demonstrated through the exploitation of CVE-2025-11953 on Windows, macOS and Linux. 

The post Critical Flaw in Popular React Native NPM Package Exposes Developers to Attacks appeared first on SecurityWeek.

136 NPM Packages Delivering Infostealers Downloaded 100,000 Times

The packages deployed malicious code harvesting system information, credentials, tokens, API keys, and other sensitive information.

The post 136 NPM Packages Delivering Infostealers Downloaded 100,000 Times appeared first on SecurityWeek.

NPM Infrastructure Abused in Phishing Campaign Aimed at Industrial and Electronics Firms

Threat actors used automation to create over 175 malicious NPM packages targeting more than 135 organizations.

The post NPM Infrastructure Abused in Phishing Campaign Aimed at Industrial and Electronics Firms appeared first on SecurityWeek.

GitHub Boosting Security in Response to NPM Supply Chain Attacks 

github-boosting-security-in-response-to-npm-supply-chain-attacks 

GitHub will implement local publishing with mandatory 2FA, granular tokens that expire after seven days, and trusted publishing.

The post GitHub Boosting Security in Response to NPM Supply Chain Attacks  appeared first on SecurityWeek.

Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit

shai-hulud-supply-chain-attack:-worm-used-to-steal-secrets,-180+-npm-packages-hit

The packages were injected with malicious code to harvest secrets, dump them to a public repository, and make private repositories public.

The post Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit appeared first on SecurityWeek.

Highly Popular NPM Packages Poisoned in New Supply Chain Attack

Designed to intercept cryptocurrency transactions, the malicious code reached 10% of cloud environments.

The post Highly Popular NPM Packages Poisoned in New Supply Chain Attack appeared first on SecurityWeek.

High-Value NPM Developers Compromised in New Phishing Campaign

Hackers have injected malware into popular NPM packages after compromising several developer accounts in a fresh phishing campaign.

The post High-Value NPM Developers Compromised in New Phishing Campaign appeared first on SecurityWeek.

React Native Aria Packages Backdoored in Supply Chain Attack

A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack.

The post React Native Aria Packages Backdoored in Supply Chain Attack appeared first on SecurityWeek.

Malicious NPM Packages Disguised as Express Utilities Allow Attackers to Wipe Systems

Two malicious NPM packages contain code that would delete production systems when triggered with the right credentials.

The post Malicious NPM Packages Disguised as Express Utilities Allow Attackers to Wipe Systems appeared first on SecurityWeek.

  • Previous
  • 1
  • 2
  • 3
  • Next
SecurityIT | Cyber Security Consulting
Linkedin-in Envelope Map-marker-alt

The group

  • Company
  • ISO certified company
  • About Us
  • Team
  • Culture and values
  • Mission
×
  • Company
  • ISO certified company
  • About Us
  • Team
  • Culture and values
  • Mission

Services

  • Computer consulting services
  • Social media Security
  • Forensic analysis and investigation
  • Services of cyber threat intelligence
  • Mobile protection
  • Code security review
  • Business continuity management e disaster recovery
  • Payment card industry data security standard
  • Vulnerability assessment consulting
  • Consulenza informatica in ambito privacy
  • ADVICE ISO / IEC 27001
  • Penetration test
×
  • Computer consulting services
  • Social media Security
  • Forensic analysis and investigation
  • Services of cyber threat intelligence
  • Mobile protection
  • Code security review
  • Business continuity management e disaster recovery
  • Payment card industry data security standard
  • Vulnerability assessment consulting
  • Consulenza informatica in ambito privacy
  • ADVICE ISO / IEC 27001
  • Penetration test

© show.it | All Rights Reserved | VAT 06984320017 | Privacy Policy | Cookie Policy | Made by incio.it

My Agile Privacy®
✕

This site uses technical and profiling cookies. 

You can accept, reject, or customize the cookies by clicking the desired buttons. 

By closing this notice, you will continue without accepting. 

AcceptRefuseCustomize
Consent

Privacy Settings

This website uses cookies to improve your experience while you navigate through the website.

Google AnalyticsAlways Enabled

Google Analytics è un servizio di analisi web fornito da Google Ireland Limited (“Google”). Google utilizza i dati personali raccolti per tracciare ed esaminare l’uso di questo sito web, compilare report sulle sue attività e condividerli con gli altri servizi sviluppati da Google. Google può utilizzare i tuoi dati personali per contestualizzare e personalizzare gli annunci del proprio network pubblicitario. Questa integrazione di Google Analytics rende anonimo il tuo indirizzo IP. I dati inviati vengono collezionati per gli scopi di personalizzazione dell'esperienza e il tracciamento statistico. Trovi maggiori informazioni alla pagina "Ulteriori informazioni sulla modalità di trattamento delle informazioni personali da parte di Google".

Luogo del trattamento: Irlanda - Privacy Policy

Additional consents:

Ad Storage
Ad Storage
Defines whether cookies related to advertising can be read or written by Google.
Ad User Data
Ad User Data
Determines whether user data can be sent to Google for advertising purposes.
Ad Personalization
Ad Personalization
Controls whether personalized advertising (for example, remarketing) can be enabled.
Analytics Storage
Analytics Storage
Defines whether cookies associated with Google Analytics can be read or written.
Cloudflare Web Analytics
Cloudflare Web Analytics

Cloudflare Web Analytics è un servizio di statistica anonimizzata fornito da Cloudflare Inc. che permette al Titolare di ottenere informazioni sull’utilizzo di questo sito web.

Privacy Policy

Google Maps widget
Google Maps widget

Google Maps è un servizio di visualizzazione di mappe gestito da Google Ireland Limited. Questo servizio serve ad integrare tali contenuti all’interno delle proprie pagine.

Luogo del trattamento: Irlanda - Privacy Policy

Google reCAPTCHA
Google reCAPTCHA

Google reCAPTCHA è un servizio di protezione dallo SPAM fornito da Google Ireland Limited.

L'utilizzo del sistema reCAPTCHA è soggetto alla privacy policy  secondo termini di utilizzo di Google.

Luogo del trattamento: Irlanda - Privacy Policy

Gravatar
Gravatar

Gravatar è un servizio di visualizzazione di immagini gestito da Automattic Inc. che permette a Automattic Inc. di integrare tali contenuti all’interno delle proprie pagine.

Luogo del trattamento: Stati Uniti - Privacy Policy

GDPR Cookie Banner by My Agile Privacy®