News

Supply chain attack hits npm package with 45,000 weekly downloads
An npm package named 'rand-user-agent' has been compromised in a supply chain attack to inject obfuscated code that activates ...
The Hacker News24y
Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
Malicious npm packages targeting Cursor macOS users stole credentials and disabled updates, impacting 3,200+ downloads.
CSO Online8d
Hackers booby trap NPM with cross-language imposter packages
Developers adept at multiple coding languages are tricked into installing a familiar-sounding package from within the Node ...
SecurityWeek6d
Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack
Supply chain attack compromises the popular rand-user-agent scraping NPM package to deploy and activate a backdoor.
SecurityWeek6d
Malicious NPM Packages Target Cursor AI’s macOS Users
Three NPM packages posing as developer tools for Cursor AI code editor’s macOS version contain a backdoor, researchers warn.
it-daily.net4d
Cursor AI: Malware detected in fake NPM packages
Security researchers have identified three malicious NPM packages masquerading as developer tools for the AI-powered code ...
Hosted on MSN22d
Ripple NPM supply chain attack hunts for private keys
Many versions of the Ripple ledger (XRPL) official NPM package are compromised with malware injected to steal cryptocurrency.… The NPM package, xrpl, is a JavaScript/TypeScript library that devs ...
Taiwan News2d
Vivani Medical Provides Business Update Including $3M Equity Financing and Reports First Quarter 2025 Financial Results
On March 27, 2025, Vivani announced that it has entered into a securities purchase agreement to issue and sell an aggregate of 7,366,071 shares, each at a price of $1.12 per share, expected to result ...
Network World13d
ExtraHop looks to eliminate ‘extra hops’ in NDR stack
Seattle-based ExtraHop got its start back in 2007, largely focused on network performance monitoring (NPM). The company has ...