Infosecurity Magazine

Lookalike npm Package Hides a Multi-Stage Windows RAT

A malicious npm package has been caught impersonating one of the JavaScript ecosystem's most widely used build tools. The ...
Appuals

How to Fix MSI Afterburner Fan Curve Not Applying?

If an MSI Afterburner fan curve looks saved but the GPU ignores it, the first question is whether Afterburner is actually in ...
The Hacker News

145 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.
Wall Street Journal

China Is Propping Up the World Economy by Importing a Lot Less Oil

A sharp fall in China’s crude oil imports during the Iran war has been instrumental in holding down oil prices and keeping the global economy humming. Clues are emerging in the mystery of the missing ...
Bleeping Computer

GitHub announces npm security changes to tackle supply-chain attacks

GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking supply-chain attacks abusing behaviors triggered by the 'npm install' command.
GitHub

sapphi-red/fresh-import

This isolates the module graph, not the realm, so imported code still shares process globals. It is not a security sandbox.
Microsoft

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the ...