this post was submitted on 26 May 2025
5 points (100.0% liked)

Pulse of Truth

1253 readers
11 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago
MODERATORS
krogoth@infosec.pub
5
Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto (thehackernews.com)
submitted 1 month ago by lemmydev2@infosec.pub to c/pulse_of_truth@infosec.pub
0 comments fedilink hide all child comments
 

As many as 60 malicious npm packages have been discovered in the package registry with malicious functionality to harvest hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint. The packages, published under three different accounts, come with an install‑time script that's triggered during npm install, Socket security researcher Kirill Boychenko said in a

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here