Each infected version has the ability to automatically spread itself to thousands of other repositories without any human ...
A major JavaScript supply-chain attack has compromised hundreds of software packages — including at least 10 used widely ...
Supply chain risk is unavoidable, but not unmanageable. Proactively prevent supply chain attacks by embedding YARA into ...
The latest attack from the self-replicating npm-package poisoning worm can also steal credentials and secrets from AWS, ...
Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in ...
The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM ...
Malicious npm package mimics an ESLint plugin, embeds an AI-tricking prompt, and steals environment variables via a ...
Approximately 640 NPM packages have been infected with a new variant of the Shai-Hulud self-replicating worm in a fresh wave of attacks.
Shai-Hulud malware infiltrates 490 NPM packages, stealing API keys and credentials from ENS and major crypto development ...
The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, ...
A new attempt to influence AI-driven security scanners has been identified in a malicious npm package. The package, ...
Results that may be inaccessible to you are currently showing.
Hide inaccessible results
Feedback