A new supply-chain attack compromised at least 187 npm packages, targeting developer secrets across software projects. Shai-Hulud worm looks to steal credentials, modify packages, and spread malware ...
Researchers outline how the PhantomRaven campaign exploits hole in npm to enable software supply chain attacks.
At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on ...
Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component ...
Researchers say the malware was in the repository for two weeks, advise precautions to defend against malicious packages.
Software supply chain security firm JFrog has disclosed the details of a critical vulnerability affecting a popular React ...
When a token with publishing rights was stolen, multiple poisoned Nx variants were released. The malware stole secrets and other important data. The attack lasted a few hours, but could be causing ...
The ongoing ‘PhantomRaven’ malicious campaign has infected 126 npm packages to date, representing 86,000 downloads ...
Recently, security researchers at Socket found 10 packages on npm targeting software developers, specifically those who use the ...