The npm packages @rspack/core, @rspack/cli, and “vant” were hijacked after attackers accessed a compromised npm token. The attackers published malicious versions of the projects, which were caught by Sonatype’s automated malware detection systems. The compromised versions deployed a Monero crypto miner. Both projects detected the compromise and have since issued safe versions, advising users to upgrade and check for signs of compromise.
Malicious Apps On Amazon Appstore Records Screen & Intercept OTP’s
Researchers have discovered an app on Amazon’s App Store masquerading as a harmless health tool used to calculate BMI, but it steals user data. The
