CyberSecurityBoard
Sponsor Register Login

Malicious NPM Package Targeting Node.js SMTP Servers Found Stealing Credentials

A newly discovered malicious NPM package targeting Node.js SMTP servers has been found stealing sensitive credentials from developers and organizations. This package, disguised as a legitimate utility, infiltrates development environments by exploiting the widespread use of Node.js and its package manager, NPM. Once installed, it silently captures SMTP credentials, enabling attackers to intercept emails and potentially launch further attacks such as phishing or data exfiltration. The incident highlights the growing threat of supply chain attacks in the software development ecosystem, emphasizing the need for rigorous package vetting and security practices. Developers are urged to audit their dependencies regularly and use trusted sources to mitigate risks. This attack underscores the importance of securing development pipelines and monitoring for unusual network activities to prevent credential theft and maintain organizational security integrity.

This Cyber News was published on thehackernews.com. Publication date: Tue, 02 Sep 2025 22:14:04 +0000


Cyber News related to Malicious NPM Package Targeting Node.js SMTP Servers Found Stealing Credentials

Malicious NPM Package Targeting Node.js SMTP Servers Found Stealing Credentials - A newly discovered malicious NPM package targeting Node.js SMTP servers has been found stealing sensitive credentials from developers and organizations. This package, disguised as a legitimate utility, infiltrates development environments by ...
1 day ago Thehackernews.com
'everything' blocks devs from removing their own npm packages - Since these 3,000+ packages manage to include every single npm package on the npmjs.com registry as their dependency, npm package authors who have ever published to the npm registry would now be unable to remove their packages at will, because of ...
1 year ago Bleepingcomputer.com
Type Juggling Leads to Two Vulnerabilities in POST SMTP Mailer WordPress Plugin - On December 14th, 2023, during our Bug Bounty Program Holiday Bug Extravaganza, we received a submission for an Authorization Bypass vulnerability in POST SMTP Mailer, a WordPress plugin with over 300,000+ active installations. This vulnerability ...
1 year ago Wordfence.com
npm 'accidentally' removes Stylus package, breaks builds and pipelines - Panya (the former maintainer of Stylus) used their own account to release a package containing malicious code (for security research purposes? I am unsure), but did not release a new version of Stylus containing malicious code. BleepingComputer ...
1 month ago Bleepingcomputer.com
Lazarus Hackers Weaponized 6 npm Packages To Steal Logins - The hackers successfully compromised six popular npm packages, injecting malicious code designed to harvest login credentials from thousands of developers and organizations worldwide. A sophisticated supply chain attack orchestrated by the notorious ...
5 months ago Cybersecuritynews.com Lazarus Group
Malicious NPM, PyPI Packages Stealing User Information - Check Point and Phylum are warning of recently identified NPM and PyPI packages designed to steal user information and download additional payloads. Taking advantage of the broad use of open source code in application development, malicious actors ...
2 years ago Securityweek.com
361 million stolen accounts leaked on Telegram added to HIBP - A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches was added to the Have I Been Pwned data breach notification service, allowing anyone to check ...
1 year ago Bleepingcomputer.com
Malicious NPM Package Mimics as Popular Nodemailer - A recent cybersecurity incident has revealed a malicious npm package designed to impersonate the widely-used Nodemailer library, a popular tool for sending emails in Node.js applications. This fake package was uploaded to the npm registry, aiming to ...
1 day ago Cybersecuritynews.com
New NPM Attack Infecting Local Packages With Cleverly Hidden Malicious Payload - These packages act as downloaders, injecting malicious code into locally installed versions of the legitimate ethers package, ultimately creating a reverse shell on the victim’s machine. The threat actor may have been attempting to ...
5 months ago Cybersecuritynews.com
New npm attack poisons local packages with backdoors - Two malicious packages were discovered on npm (Node package manager) that covertly patch legitimate, locally installed packages to inject a persistent reverse shell backdoor. In general, when downloading packages from package indexes like PyPI and ...
5 months ago Bleepingcomputer.com
Malicious PyPI packages targeting highly specific MacOS machines - As part of our software package supply chain security efforts, we continuously scan for malware in newly released PyPI and NPM packages. In this post, we describe a particularly interesting cluster of malicious packages that we've identified. In late ...
1 year ago Securitylabs.datadoghq.com
SMTP Smuggling Allows Spoofed Emails to Bypass Authentication Protocols - A new attack technique named SMTP Smuggling can allow malicious actors to send out spoofed emails that bypass authentication mechanisms. SMTP Smuggling was discovered by Timo Longin, a researcher known for DNS attacks, in collaboration with SEC ...
1 year ago Securityweek.com
SMTP Smuggling Allows Spoofed Emails to Bypass Authentication Protocols - A new attack technique named SMTP Smuggling can allow malicious actors to send out spoofed emails that bypass authentication mechanisms. SMTP Smuggling was discovered by Timo Longin, a researcher known for DNS attacks, in collaboration with SEC ...
1 year ago Packetstormsecurity.com
DPython's Poisoned Package: Another 'Blank Grabber' Malware in PyPI - Python Package Index is a platform that offers an extensive range of packages to simplify and enhance the development process. Malicious actors regularly upload phishing packages in the platform's repository aimed at delivering malware to steal the ...
1 year ago Imperva.com
CVE-2022-29244 - npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. `--workspaces`, `--workspace<name>`). Anyone who has run `npm pack` or `npm publish` inside a workspace, as of ...
2 years ago
Malicious npm package using steganography downloaded by hundreds - Researchers at Veracode, a code security assessment company, found that the first version of the package was added to the Node Package Manager (NPM) index on March 19 and was benign, as it only collected operating system information from the host. ...
3 months ago Bleepingcomputer.com
Developers Beware of npm Phishing Email That Steal Your Login Credentials - The phishing domain operates as a full proxy of the npm website, seamlessly replicating the user interface while intercepting login credentials through fake authentication pages accessible at with unique tracking tokens. Cyber Security News is a ...
1 month ago Cybersecuritynews.com
Hackers breach Toptal GitHub account, publish malicious npm packages - In the days that followed, the attackers modified the source code of Picasso on GitHub to include malware and published 10 malicious packages on NPM as Toptal, making them appear as legitimate updates. According to code security ...
1 month ago Bleepingcomputer.com
Kubernetes DaemonSet: Monitoring in Kubernetes - That's why it makes sense to collect logs from every node and send them to some sort of central location outside the Kubernetes cluster for persistence and later analysis. A DaemonSet in Kubernetes is a specific kind of workload controller that ...
1 year ago Feeds.dzone.com
CVE-2021-43616 - ** DISPUTED ** The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier ...
2 years ago
Credentials are Still King: Leaked Credentials, Data Breaches and Dark Web Markets - Infostealers infect computers, steal all of the credentials saved in the browser along with active session cookies and other data, then export it back to command and control infrastructure before, in some cases, self-terminating. This article will ...
1 year ago Bleepingcomputer.com
Ten new Android banking trojans targeted 985 bank apps in 2023 - This year has seen the emergence of ten new Android banking malware families, which collectively target 985 bank and fintech/trading apps from financial institutes across 61 countries. Banking trojans are malware that targets people's online bank ...
1 year ago Bleepingcomputer.com
North Korean Lazarus hackers infect hundreds via npm packages - The packages contain malicious code designed to steal sensitive information, such as cryptocurrency wallets and browser data that contains stored passwords, cookies, and browsing history. The packages, which have been downloaded 330 times, are ...
5 months ago Bleepingcomputer.com
Node.js Vulnerability Allows Attackers to Crash the Process & Halt Services - The Node.js project has issued urgent security updates after disclosing a high-severity vulnerability that could allow remote attackers to crash Node.js processes, potentially halting critical services and causing widespread denial of service across ...
3 months ago Cybersecuritynews.com CVE-2025-23167
Ripple XPRL Official NPM Package Hijacked To Inject Private Key Stealing Malware - “This package is used by hundreds of thousands of applications and websites, making it a potentially catastrophic supply chain attack on the cryptocurrency ecosystem,” warned Charlie Eriksen, a malware researcher at Aikido Security. The ...
4 months ago Cybersecuritynews.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)