セキュリティ企業のKoiが、ユーザーの情報収集を目的とした126種もの悪意あるnpmパッケージを発見したことを報告しました。これらのnpmパッケージは合計8万6000回以上ダウンロードされており、AIの幻覚(ハルシネーション)を悪用する兆候も確認されたとのこと。Koiはこの攻撃手法を「PhantomRaven」と名付けています。

Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities ...

For the past four months, over 130 malicious NPM packages deploying information stealers have been collectively downloaded ...

The leak has now been fixed. According to the Open VSX team, the incident has been fully contained and closed since October ...

These packages are very popular, with approximately 1,020,000 weekly downloads, making this a massive supply chain attack that could have widespread consequences. The malicious code is heavily ...

Nx is the latest target of a software supply chain attack in the NPM ecosystem, with multiple malicious versions being uploaded to the NPM registry on Tuesday evening.… According to researchers at Wiz ...

Researchers say the malware was in the repository for two weeks, advise precautions to defend against malicious packages.