Tag: typosquatting

Hackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via...

Cyber security January 20, 2025

Cybersecurity researchers have identified three sets of malicious packages across the npm and Python Package Index (PyPI) repository that come with capabilities to steal...

Thousands Download Malicious npm Libraries Impersonating Legitimate Tools

Cyber security December 19, 2024

Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads...

Malicious NPM Packages Target Roblox Users with Data-Stealing Malware

Cyber security November 8, 2024

A new campaign has targeted the npm package repository with malicious JavaScript libraries that are designed to infect Roblox users with open-source stealer malware...

GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code

Cyber security September 7, 2024

Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped software and packages. These...

PyPI Halts Signal-Ups Amid Surge of Malicious Bundle Uploads Concentrating on...

Cyber security April 5, 2024

The maintainers of the Python Bundle Index (PyPI) repository briefly suspended new person sign-ups following an inflow of malicious initiatives uploaded as a part...