A widespread campaign uses more than 24 malicious NPM packages loaded with JavaScript obfuscators to steal form data from multiple sites and apps

Attackers impersonated high-traffic NPM modules like umbrellajs and packages published by ionic.io

ReversingLabs discovered the threat actors behind IconBurst

Threat actor released decryption keys after abandoning malware to focus on cryptojacking

Researchers have disclosed what they say could be an attempt to kick-off a new large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository.

A recent study by ReversingLabs, conducted by Dimensional Research, found that less than a third of companies today use SBoMs