Newly discovered npm package 'fezbox' employs QR codes to hide a second-stage payload that steals cookies from a user's web browser. The package, masquerading as a utility library, uses this steganographic technique to harvest sensitive data, such as user credentials, from a compromised machine.| BleepingComputer
The largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, but attackers made little profit off it.| BleepingComputer
GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale incidents recently.| BleepingComputer
The popular packages debug and chalk on npm have been compromised with malicious code.| www.aikido.dev
Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers' systems.| BleepingComputer