A self-replicating worm has been quietly spreading across the npm registry using a method most security teams do not watch for. Instead of hiding inside package.json scripts, the attacker weaponized a tiny configuration file called binding.gyp to trigger malicious code the moment a developer runs...

#Malware

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

binding.gyp Supply Chain Attack Compromises Dozens of npm Packages Across Maintainer Accounts

VERWANDTEARTIKEL

Hackers Impersonate Ghidra, dnSpy, and SpiderFoot to Spread Malware via Fake Download Sites

Hackers Use Malicious Ads to Deliver FlutterShell Backdoor on macOS Systems

Hackers Use Fake Claude Code Install Page to Deliver Fileless .NET Infostealer

IronWorm Supply Chain Attack Uses Malicious npm Packages to Steal Developer Secrets

Cybercriminals Shift From Fake Login Pages to Infostealer Malware in Phishing Attacks

New IronWorm malware hits 36 packages in npm supply-chain attack