The security team behind the "npm" repository for JavaScript libraries removed two npm packages this Monday for containing malicious code that installed a remote access trojan (RAT) on the computers ...
GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ...
What is Mini Shai-Hulud npm supply chain attack, and was Microsoft and Socket hit by malware? A new npm supply chain attack ...
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering ...
Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a ...
Amazon researchers discovered more than 150,000 malicious packages in the NPM registry, in what they called "a defining moment in supply chain security." The packages were part of a token farming ...
According to researchers Andrey Polkovnychenko and Shachar Menashe, the repositories were first detected on March 21 and steadily grew from roughly 50 malicious npm packages to over 200 in a matter of ...
An active campaign named ‘PhantomRaven’ is targeting developers with dozens of malicious npm packages that steal authentication tokens, CI/CD secrets, and GitHub credentials. The activity started in ...
The typosquatted packages auto-execute on installation, fingerprint victims by IP, and deploy a PyInstaller binary to harvest credentials from browsers, SSH keys, API tokens, and cloud configuration ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results