Cybernews

New Shai-Hulud 3.0 variant discovered, closing out 2025 with a malware bang

A new strain of the Shai Hulud worm is discovered by researchers, signaling the self-propagating supply chain threat ...

Shai Hulud malware turns developers into unwitting distributors in NPM supply chain attacks

Shai Hulud is a malware campaign first observed in September targeting the JavaScript ecosystem that focuses on supply chain ...
Bleeping Computer

npm packages caught serving TurkoRAT binaries that mimic NodeJS

Researchers have discovered multiple npm packages named after NodeJS libraries that even pack a Windows executable that resembles NodeJS but instead drops a sinister trojan. These packages, given ...

Malicious npm package steals WhatsApp accounts and messages

A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal ...
CSOonline

Legitimate looking npm packages found hosting TurkoRat infostealer

Despite efforts taken in recent years to proactively monitor public software repositories for malicious code, packages that bundle malware continue to routinely pop up in such places. Researchers ...

Worrying WhatsApp attack can steal messages and even accounts

Taking over WhatsApp accounts "The package wraps the legitimate WebSocket client that communicates with WhatsApp. Every ...
TWCN Tech News

How to Install NPM on Windows 11/10

Node Package Manager (NPM) is installed on your Windows computer once you install Node.js. It is a package manager for modules of Node.js, and it’s ready to run on your Windows PC. In this article, we ...
Ars Technica

Microsoft brings rich node.js support to Visual Studio

As the company continues to court programmers developing on software stacks that aren't its own, Microsoft has released a plugin for Visual Studio that provides extensive support for Node.js within ...