网络安全研究人员发现，网络犯罪分子正在利用Discord webhook作为替代性命令与控制（C2）通道，渗透主流编程语言生态系统。与传统C2服务器不同，webhook提供免费且隐蔽的数据外传渠道，能够完美隐藏在合法的HTTPS流量中。 过去一个月内 ...

A series of malicious packages hidden within the Node Package Manager (npm), the largest software registry for JavaScript, has been uncovered. According to a new advisory published by FortiGuard on ...

Researchers expose Discord webhook C2 in npm, PyPI, RubyGems; North Korean actors published 338 malicious npm packages with ...

Malicious NPM packages pretending to be Roblox libraries are delivering ransomware and password-stealing trojans on unsuspecting users. After the malicious NPM libraries are added to a project and ...

New malicious NPM packages have been discovered that install the njRAT remote access trojan that allows hackers to gain control over a computer. NPM is a JavaScript package manager that allows ...

Node Package Manager (NPM) is installed on your Windows computer once you install Node.js. It is a package manager for modules of Node.js, and it’s ready to run on your Windows PC. In this article, we ...