SecurityWeek

NPM Package With 56,000 Downloads Steals WhatsApp Credentials, Data

A malicious NPM package that functions as a WhatsApp Web API library has been caught stealing users’ credentials and data, Koi Security warns. The package, ‘Lotusbail’, a fork of the ‘Baileys’ library ...
Bleeping Computer

Malicious NPM packages fetch infostealer for Windows, Linux, macOS

Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component that collects sensitive data from Windows, Linux, and macOS systems. The ...
The Hacker News

npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels

Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to ...
TechRepublic

Malware Injected Into Code Packages That Get 2 Billion+ Downloads Each Week

Malware Injected Into Code Packages That Get 2 Billion+ Downloads Each Week Your email has been sent An attack targeting the Node.js ecosystem was just identified ...
Ars Technica

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to be the world’s biggest supply-chain attack ever. “Sorry everyone, I should ...
SiliconANGLE

Massive npm hack poisons 18 packages with billions of downloads

Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after attackers injected malware into 18 popular packages that together account for ...
Visual Studio Magazine

TypeScript 5.9 RC Brings Deferred Imports, Node.js 20 Module Target

TypeScript 5.9 has reached the release candidate (RC) stage with enhancements for modern module behavior, hover tooltips, and deferred module evaluation. Microsoft announced the RC on July 25, ahead ...
GitHub

[FEATURE] Deployment on AWS Amplify

I can't deploy Flowise on AWS Amplify. I use many versions of amlify.yml but no success. I have a time out after 30 minutes. It's blocking here : .... [INFO ...
IEEE

Navigating Strategies to Mitigate Insulation Issues Within High Power Density (U)WBG Power Module Packages: A Comprehensive Review Emphasizing Alternative Encapsulation Materials

Abstract: The future of packaging for power modules hinges on the advancement of (U)WBG) materials like SiC, AlN, and diamond. However, pushing these boundaries faces significant challenges in ...
The Hacker News

Thousands Download Malicious npm Libraries Impersonating Legitimate Tools

Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry.
Bleeping Computer

Malicious PyPI package with 37,000 downloads steals AWS keys

A malicious Python package named 'fabrice' has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web Services credentials from unsuspecting developers. According to ...
GitHub

install fail node -v 18.13.0 python -v 3.13.0 macpro m2

[1/4] 🔍 Resolving packages... warning canvas > @mapbox/node-pre-gyp > rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported warning canvas > @mapbox/node-pre-gyp > npmlog@5.0.1: This ...