Millions of developers could be open to attack after critical flaw exploited - here's what we know

A widely popular npm package carried a critical severity vulnerability that allowed threat actors to, in certain scenarios, run malicious commands, experts have warned.
InfoWorld

Wave of npm supply chain attacks exposes thousands of enterprise developer credentials

A sophisticated supply chain attack has compromised the widely-used Nx build system package and exposed thousands of enterprise developer credentials. The campaign weaponized artificial intelligence ...