Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component ...
Recently, security researchers at Socket found 10 packages on npm targeting software developers, specifically those who use the ...
Ten typosquatted npm packages (Jul 4, 2025) delivered a 24MB PyInstaller info stealer using 4 obfuscation layers; ~9,900 ...
More than 200 malicious packages have been discovered infiltrating the PyPI and npm open source registries this week. These packages are largely typosquats of widely used libraries and each one of ...
Do you ever wonder how many thousands of packages are installed on your Linux system? And, yes, I said “thousands.” Even a fairly modest Linux system is likely to have well over a thousand packages ...
New Arch tool alerts maintainers when packages are outdated. Bumpbuddy automates GitLab issue creation for updates. Web dashboard and API planned for future Bumpbuddy versions. Bumpbuddy is a new Arch ...
Windows/Linux: If you're planning a re-install of your Linux system that might involve being offline, free utility "Sushi Huh?" (actual name) can grab your software, and all the nagging dependencies, ...