<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1076912843267184&amp;ev=PageView&amp;noscript=1">
The Buyer’s Guide to Software Supply Chain Security
Download Now!
Breaking Down NIST CSF 2.0 with NIST | Earn CPEs
Register Now
Gartner® Report: Mitigate Enterprise Software Supply Chain Risks
Get the Insights
July 22, 2021

The Hacker News: Malicious NPM Package Caught Stealing Users' Saved Passwords From Browsers

The Hacker News - Malicious NPM Package
A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser.

Read more: https://thehackernews.com/2021/07/malicious-npm-package-caught-stealing.html

Read ReversingLabs Research here: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords

MORE NEWS

Cybersecurity Insiders: Supply chain attacks demand a 3rd party risk re-think
News | August 14, 2023
Cybersecurity Insiders: Supply chain attacks demand a 3rd party risk re-think
Looked at from one angle, the recent attack on JumpCloud, a cloud-based identity and access management provider, was unsurprising.
Read More
Hack Read: VMCONNECT: Malicious PyPI Package Mimicking Common Python Tools
News | August 06, 2023
Hack Read: VMCONNECT: Malicious PyPI Package Mimicking Common Python Tools
Threat researchers at ReversingLabs, a software supply chain security and malware analysis platform, have discovered a malicious new PyPI package dubbed VMConnect on the Python Package Index (PyPI) repository.
Read More
The Hacker News: Malicious npm Packages Found Exfiltrating Sensitive Data from Developers
News | August 04, 2023
The Hacker News: Malicious npm Packages Found Exfiltrating Sensitive Data from Developers
Cybersecurity researchers have discovered a new bunch of malicious packages on the npm package registry that are designed to exfiltrate sensitive developer information.
Read More