InfoWorld

WhatsApp API worked exactly as promised, and stole everything

Malicious npm package posing as a WhatsApp Web API library operated for months as a functional dependency while stealing ...
GitHub

Azure DevOps npm auth

Simply set up user authentication to Azure DevOps npm feeds, optionally using the Azure CLI for Personal Access Token (PAT) acquisition. If you would like to acquire a PAT token manually and supply it ...
GitHub

aravind3566/react-native-install-unknown-apps

A lightweight React Native library to manage and enable the 'Install Unknown Apps' permission on Android devices. Ideal for apps that need to install APK files from external sources.
SecurityWeek

640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack

The new self-replicating worm iteration has destructive capabilities, erasing home directory contents if it cannot spread to more repositories. Approximately 640 NPM packages have been infected with a ...
Bleeping Computer

Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub

Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign. The malicious ...
Bleeping Computer

Malicious NPM packages abuse Adspect redirects to evade security

Seven packages published on the Node Package Manager (npm) registry use the Adspect cloud-based service to separate researchers from potential victims and lead them to malicious locations. The purpose ...
nerdist

WELCOME TO DERRY Gives IT a Powerful Origin Story and Sets Up a Pennywise Bloodbath

Somehow, Welcome to Derry is already halfway through what we surely hope is the first of three seasons. (Give us the renewal news now, HBO!) Things are heating up in Derry, Maine as Pennywise’s ...