Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

Malicious NPM Package Email Library Used to Steal Credentials

A malicious npm package disguised as an email library was discovered, aiming to steal user credentials and sensitive data. This attack highlights the ongoing risks in open-source software supply chains, where threat actors inject harmful code into popular packages to exploit developers and organizations relying on them. The malicious package was designed to intercept and exfiltrate credentials, posing significant security threats to users who unknowingly install compromised dependencies. This incident underscores the importance of rigorous security practices, including thorough package vetting, dependency auditing, and the use of automated tools to detect malicious code in software libraries. Organizations should also educate developers about the risks of third-party packages and encourage the use of trusted sources. The cybersecurity community continues to advocate for enhanced transparency and security measures in open-source ecosystems to prevent such attacks. This case serves as a critical reminder to maintain vigilance and implement robust security protocols to protect against supply chain compromises in software development environments.

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Tue, 02 Sep 2025 15:50:03 +0000

Cyber News related to Malicious NPM Package Email Library Used to Steal Credentials

The 6 Best Email Security Software & Tools of 2024 - To guarantee full protection against email threats, important features to consider when picking an email security solution include email filtering and spam detection, sandboxing, mobile support, advanced machine learning, and data loss prevention. ...
11 months ago Esecurityplanet.com

10 Best Email Security Gateways in 2025 - Barracuda Email Security Gateway is a solution that helps protect organizations from email-borne threats such as spam, viruses, phishing, and other malicious content. It uses various methods, including filtering, encryption, and sandboxing, to ...
6 months ago Cybersecuritynews.com

'everything' blocks devs from removing their own npm packages - Since these 3,000+ packages manage to include every single npm package on the npmjs.com registry as their dependency, npm package authors who have ever published to the npm registry would now be unable to remove their packages at will, because of ...
1 year ago Bleepingcomputer.com

npm 'accidentally' removes Stylus package, breaks builds and pipelines - Panya (the former maintainer of Stylus) used their own account to release a package containing malicious code (for security research purposes? I am unsure), but did not release a new version of Stylus containing malicious code. BleepingComputer ...
1 month ago Bleepingcomputer.com

Email Security Trends And Predictions in 2024 - One of the most critical aspects of this broad topic is email security. Email security refers to the collective measures used to secure the access and content of an email account or service. An email service provider implements email security to ...
1 year ago Cybersecuritynews.com

Lazarus Hackers Weaponized 6 npm Packages To Steal Logins - The hackers successfully compromised six popular npm packages, injecting malicious code designed to harvest login credentials from thousands of developers and organizations worldwide. A sophisticated supply chain attack orchestrated by the notorious ...
5 months ago Cybersecuritynews.com Lazarus Group

Business Email Compromise Scams: Prevention and Response - We will also highlight red flags to watch out for in suspicious emails, emphasizing the importance of implementing robust email authentication methods and comprehensive employee training programs to enhance awareness and response capabilities. BEC ...
1 year ago Securityzap.com

Malicious NPM Package Mimics as Popular Nodemailer - A recent cybersecurity incident has revealed a malicious npm package designed to impersonate the widely-used Nodemailer library, a popular tool for sending emails in Node.js applications. This fake package was uploaded to the npm registry, aiming to ...
1 week ago Cybersecuritynews.com

New NPM Attack Infecting Local Packages With Cleverly Hidden Malicious Payload - These packages act as downloaders, injecting malicious code into locally installed versions of the legitimate ethers package, ultimately creating a reverse shell on the victim’s machine. The threat actor may have been attempting to ...
5 months ago Cybersecuritynews.com

Malicious NPM, PyPI Packages Stealing User Information - Check Point and Phylum are warning of recently identified NPM and PyPI packages designed to steal user information and download additional payloads. Taking advantage of the broad use of open source code in application development, malicious actors ...
2 years ago Securityweek.com

DPython's Poisoned Package: Another 'Blank Grabber' Malware in PyPI - Python Package Index is a platform that offers an extensive range of packages to simplify and enhance the development process. Malicious actors regularly upload phishing packages in the platform's repository aimed at delivering malware to steal the ...
1 year ago Imperva.com

North Korean Lazarus hackers infect hundreds via npm packages - The packages contain malicious code designed to steal sensitive information, such as cryptocurrency wallets and browser data that contains stored passwords, cookies, and browsing history. The packages, which have been downloaded 330 times, are ...
5 months ago Bleepingcomputer.com

10 Best Anti-Phishing Tools in 2025 - What is Good?What Could Be Better?Real-time email threat detection and response using AI and machine learning.Limited customer support optionsAutomates incident response to stop phishing attacks quickly.The training module is not entirely ...
1 month ago Cybersecuritynews.com

ACDS Unveils Tailored Email Security Essentials Package for SMBs to Protect from Malicious Communications - Email is the most common attack vector for cybercriminals, in fact the overwhelming majority of malware-related security incidents are delivered via email. It's no surprise that email security is at the forefront of many business leader's minds. In ...
1 year ago Itsecurityguru.org

Essential Email and Internet Safety Tips for College Students - Your email is one of the most important digital assets and identities because it helps you create accounts on other platforms. Securing your email requires you to pay attention to your passwords, gadgets, and the links you engage with. The places you ...
1 year ago Securityboulevard.com

What is an email signature? - An email signature - or signature block or signature file - is the block of text that appears at the end of an email message that provides more information about the sender. This can include details such as the sender's full name, occupation or job ...
1 year ago Techtarget.com

New npm attack poisons local packages with backdoors - Two malicious packages were discovered on npm (Node package manager) that covertly patch legitimate, locally installed packages to inject a persistent reverse shell backdoor. In general, when downloading packages from package indexes like PyPI and ...
5 months ago Bleepingcomputer.com

Beware: PayPal "New Address" feature abused to send phishing emails - The email includes the new address that was allegedly added to your PayPal account, including a message claiming to be a purchase confirmation for a MacBook M4, and to call the enclosed PayPal number if you did not authorize the purchase. The goal of ...
6 months ago Bleepingcomputer.com

Malicious PyPI packages targeting highly specific MacOS machines - As part of our software package supply chain security efforts, we continuously scan for malware in newly released PyPI and NPM packages. In this post, we describe a particularly interesting cluster of malicious packages that we've identified. In late ...
1 year ago Securitylabs.datadoghq.com

February 1, 2024: A Date All Email Senders Should Care About - For any organization sending bulk email or high email volumes to Google and Yahoo accounts, there's one date you should have flagged on your calendar. On February 1st, guidance indicates you'll need to pay attention if you are sending over 5000 ...
1 year ago Feedpress.me

Credentials are Still King: Leaked Credentials, Data Breaches and Dark Web Markets - Infostealers infect computers, steal all of the credentials saved in the browser along with active session cookies and other data, then export it back to command and control infrastructure before, in some cases, self-terminating. This article will ...
1 year ago Bleepingcomputer.com

Malicious NPM Package Email Library Used to Steal Credentials - A malicious npm package disguised as an email library was discovered, aiming to steal user credentials and sensitive data. This attack highlights the ongoing risks in open-source software supply chains, where threat actors inject harmful code into ...
6 days ago Infosecurity-magazine.com

Developers Beware of npm Phishing Email That Steal Your Login Credentials - The phishing domain operates as a full proxy of the npm website, seamlessly replicating the user interface while intercepting login credentials through fake authentication pages accessible at with unique tracking tokens. Cyber Security News is a ...
1 month ago Cybersecuritynews.com

Ledger JS library poisoned to steal $650K+ from wallets The Register - Cryptocurrency wallet maker Ledger says someone slipped malicious code into one of its JavaScript libraries to steal more than half a million dollars from victims. The library in question is Connect Kit, which allows DApps - decentralized software ...
1 year ago Go.theregister.com