Each infected version has the ability to automatically spread itself to thousands of other repositories without any human ...
The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM ...
Malicious npm package mimics an ESLint plugin, embeds an AI-tricking prompt, and steals environment variables via a ...
Supply chain risk is unavoidable, but not unmanageable. Proactively prevent supply chain attacks by embedding YARA into ...
A major JavaScript supply-chain attack has compromised hundreds of software packages — including at least 10 used widely ...
The latest attack from the self-replicating npm-package poisoning worm can also steal credentials and secrets from AWS, ...
Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in ...
Approximately 640 NPM packages have been infected with a new variant of the Shai-Hulud self-replicating worm in a fresh wave of attacks.
The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, ...
Shai-Hulud malware infiltrates 490 NPM packages, stealing API keys and credentials from ENS and major crypto development ...
A new attempt to influence AI-driven security scanners has been identified in a malicious npm package. The package, ...
North Korean attackers have delivered more than 197 malicious packages as part of ongoing state-sponsored activity to ...