The Hacker News

Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack

The coordinated campaign has so far published as many as 46,484 packages, according to SourceCodeRED security researcher Paul ...
CSO Online

Malicious packages in npm evade dependency detection through invisible URL links: Report

Researchers outline how the PhantomRaven campaign exploits hole in npm to enable software supply chain attacks.
The Hacker News

Npm Package Targeting GitHub-Owned Repositories Flagged as Red Team Exercise

Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate " ...

Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here's what we know

Recently, security researchers Socket found 10 packages on npm targeting software developers, specifically those who use the npm (Node Package Manager) ecosystem to install JavaScript and Node.js ...
CSO Online

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser ...
InfoWorld

Agentic coding with Google Jules

Jules performs better than Gemini CLI despite using the same model, and more like Claude Code and OpenAI Codex.

Thousands of fake packages flood npm registry in major attack - here's what we know

Over 43,000 dormant spam packages flooded npm in a coordinated two-year campaign Some packages contained worm-like scripts ...