A Node.js module downloaded millions of times has a security flaw that can enable attackers to perform a denial-of-service (DoS) attack on a server or get full-fledged remote shell access.

A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT).

Remote access Trojan found in npm package with 40,000 weekly downloads Attackers had added malicious code to the rand-user-agent package, which is used for automatic tests and web scraping, among ...