Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here's what we know

Ten typosquatted npm packages delivered infostealing malware to nearly 10,000 systemsMalware targeted system keyrings, bypassing app-level security to steal decrypted credentialsAffected users must ...
Bleeping Computer

NPM nukes NodeJS malware opening Windows, Linux reverse shells

NPM has removed multiple packages hosted on its repository this week that established connection to remote servers and exfiltrated user data. These 4 packages had collected over 1,000 total downloads ...
ZDNet

Malicious npm packages caught installing remote access trojans

The security team behind the "npm" repository for JavaScript libraries removed two npm packages this Monday for containing malicious code that installed a remote access trojan (RAT) on the computers ...
CSOonline

North Korean cyberspies trick developers into installing malware with fake job interviews

Once accepted, the attackers tell developers to download a Node.js project as part of a practical test. The trojanized project on launch deploys a RAT and infostealer malware targeting all major OS ...
Bleeping Computer

NPM Fails Worldwide With "ERR! 418 I'm a Teapot" Error

Users of the NPM JavaScript package manager were greeted by a weird error yesterday evening, as their consoles and applications spewed a message of "ERR! 418 I'm a ...