New malware campaign uses typo-squatting and fake developer packages to spread threats across Windows and Linux.

All malicious npm packages carried identical payloads for snooping sensitive network information from developers’ systems.

Cybersecurity researchers Socket have warned of multiple malicious packages hosted on NPM, stealing sensitive user data and ...

Socket's threat researchers have uncovered a package lurking in npm for six years that awaits a remote command to wipe ...

Nasdaq has partnered with Nasdaq Private Market (NPM), a provider of secondary liquidity solutions to private companies, ...

VS Code extensions deployed sandbox-evasive malware to steal system data, developer credentials, and crypto wallets.

Security firm Socket warns flags a campaign targeting NPM users with tens of malicious packages that can hijack system information.

The risks associated with leveraging open source libraries, and the review needed, are increasing. In the first half of 2025, ...

Security experts at Socket’s Threat Research team, have discovered a campaign in the NPM ecosystem, which includes Malicious ...

A hacking campaign is spreading malicious reconnaissance scripts already downloaded more than 3,000 times from the JavaScript ...

A new attack on the supply chain threatens workstations and CI environments. The malicious script spies on internal data for ...

Real-Time Private Company Dataset Offers Critical Pricing and Valuation Insights for Private Companies, Investors, and AdvisorsNEW YORK, June 04, 2025 (GLOBE NEWSWIRE) -- Nasdaq® (Nasdaq: NDAQ) ...