For the first time, RL researchers discover malicious locally-installed npm packages infecting other legitimate packages.| ReversingLabs
A malicious package in the Node Package Manager index uses invisible Unicode characters to hide malicious code and Google Calendar links to host the URL for the command-and-control location.| BleepingComputer
SentinelOne has shared more details on an attempted supply chain attack by Chinese hackers through an IT services and logistics firm that manages hardware logistics for the cybersecurity firm.| BleepingComputer