Links
Researchers found a malicious npm package named eslint-plugin-unicorn-ts-2 that attempts to deceive AI security scanners. It contains a hidden prompt and exfiltrates sensitive data during installation, highlighting a new tactic in cybercrime where attackers manipulate AI to avoid detection.
North Korean hackers behind the Contagious Interview campaign have added 197 new malicious packages to the npm registry, totaling over 31,000 downloads. These packages deliver a variant of the OtterCookie malware, which can capture sensitive information and establish remote access to infected machines. The campaign exploits fake job applications to trick users into installing the malware.
An npm package called 'rand-user-agent' was compromised in a supply chain attack, leading to the injection of a remote access trojan (RAT) in unauthorized versions. Despite being deprecated, the package had a significant number of downloads, and users are advised to revert to the last legitimate version and conduct full system scans if they installed the malicious updates. The attack was traced back to an outdated automation token that allowed the unauthorized releases.
Over 500 NPM packages were compromised by a self-replicating worm called Shai-Hulud, prompting the US Cybersecurity and Infrastructure Security Agency (CISA) to issue an alert for developers to secure their credentials and review dependencies. GitHub is implementing stricter authentication and security measures to prevent future attacks.
Two malicious npm packages, 'express-api-sync' and 'system-health-sync-api', have been found to act as data wipers that delete entire application directories instead of functioning as advertised utilities. These packages, which have been removed from npm, contained backdoors that allowed attackers to execute destructive commands remotely, raising concerns about potential sabotage or state-level disruptions in the software ecosystem.