How We're Protecting Our Newsroom from npm Supply Chain Attacks | pnpm

We got lucky with Shai-Hulud 2.0.

Notes 202552 :: Juan B. Rodriguez

run unix on your computer

NPM package with 56,000 downloads compromises WhatsApp accounts

An NPM package with over 56,000 downloads stole WhatsApp credentials, hid its activity, and installed a backdoor.

ezff

Plain English wrapper for ffmpeg. Stop Googling ffmpeg commands.. Latest version: 0.1.1, last published: a day ago. Start using ezff in your project by running `npm i ezff`. There are no other projects in the npm registry using ezff.

feedback on announced plan to kill TOTP · community · Discussion #174505

Select Topic Area Product Feedback Body Personally, I see this as a very harmful decision. It will kill my workflow; having to open a web browser is very disruptive (which is why i still use TOTP a...

npm Registry Abused for Targeted Spearphishing Campaign

A five-month spearphishing operation has transformed the npm registry into a durable hosting layer for AiTM credential theft, specifically targeting sales teams in the manufacturing and healthcare industries.

Malicious npm package steals WhatsApp accounts and messages

A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal WhatsApp messages, collect contacts, and gain access to the account.

NPM Package With 56K Downloads Caught Stealing WhatsApp Messages