The Megalodon supply chain attack poisoned over 5,500 GitHub repositories via automated commits injecting GitHub Actions workflows.
TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...
GitHub’s internal repositories — now staged publishing in npm 11.15.0 requires a human 2FA approval before any package goes ...
Cybercriminals used the Glassworm botnet to infect open source software projects with malware, and in turn hack the ...
It has been a bad six weeks for security firm Checkmarx. Over the past 40 days, it has been the victim of at least one supply ...
Four supply-chain attacks hit OpenAI, Anthropic, and Meta in 50 days — none inside the model. A 7-row matrix maps what AI ...
Developer platform Socket says a malware called TrapDoor is targeting crypto and AI developers across npm, PyPI and Crates, aiming to steal crypto wallet info and browser data.
A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension.
Threat intelligence firm Cyble said such attacks occurred, on average, nearly 13 times per month last year, from February through September 2024. Starting in October, they surged to nearly 16 per ...
10don MSN
Hackers have compromised dozens of popular open source packages in an ongoing supply chain attack
The attacks are part of a wider campaign known as Mini Shai-Hulud, which has already compromised several open source projects ...
What is Mini Shai-Hulud npm supply chain attack, and was Microsoft and Socket hit by malware? A new npm supply chain attack ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results