Malware found on npm infecting local package with reverse shell
For the first time, RL researchers discover malicious locally-installed npm packages infecting other legitimate packages.
Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks
“Write once, infect everywhere” might be the new cybercrime motto, with newly discovered campaigns showing malicious npm packages powering phishing kits and supply chain attacks.