Microsoft

Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access

Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...

Miasma campaign poisons 20-plus npm packages, hunts for developer secrets

Microsoft says latest attack targets Leo Platform and RStreams packages, harvesting creds and going after more maintainers ...
The Hacker News

Microsoft Warns of Photo ZIP Phishing Campaign Targeting Hotels with Node.js Implant

Microsoft says hotel phishing emails are using Calendly links and photo ZIP files to drop the TonRAT Node.js implant on front ...
The Hacker News

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures

ClickFix attacks are delivering BabaDeda, Lorem Ipsum, and Potemkin loaders to deploy stealers, RATs, and ransomware-linked ...
GitHub

Volta JS – JavaScript Runtime and Toolchain Management Platform

Volta JS is a development platform designed to simplify JavaScript runtime management and toolchain configuration. The volta js environment helps developers maintain consistent project settings while ...
Bleeping Computer

New IronWorm malware hits 36 packages in npm supply-chain attack

A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. The malware targets 86 environment variables (key-value pairs) and ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Red Hat hit by npm supply‑chain attack - here's how to stay safe ...