Infosecurity Magazine

Lookalike npm Package Hides a Multi-Stage Windows RAT

A malicious npm package has been caught impersonating one of the JavaScript ecosystem's most widely used build tools. The ...
Appuals

How to Fix MSI Afterburner Fan Curve Not Applying?

If an MSI Afterburner fan curve looks saved but the GPU ignores it, the first question is whether Afterburner is actually in ...
The Hacker News

145 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.
Bleeping Computer

GitHub announces npm security changes to tackle supply-chain attacks

GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking supply-chain attacks abusing behaviors triggered by the 'npm install' command.
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

Microsoft Threat Intelligence has uncovered an active supply chain attack involving malicious npm packages registered under organizational scopes that mirror real internal corporate namespaces, ...