Shai-Hulud malware infiltrates 490 NPM packages, stealing API keys and credentials from ENS and major crypto development ...
The attackers have learned from their mistakes and have now developed a more aggressive version of the worm. It has already ...
Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in ...
Seven packages published on the Node Package Manager (npm) registry use the Adspect cloud-based service to separate ...
A researcher reported that more than 400 NPM libraries, including a cluster of ENS-linked crypto packages, were breached by ...
A threat actor has published tens of thousands of malicious NPM packages that contain a self-replicating worm, security ...
Goal is to steal Tea tokens by inflating package downloads, possibly for profit when the system can be monetized.
A malware campaign presents fake websites that can check if a visitor is a victim or a researcher, and then proceed accordingly to defraud or evade ...
The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...
Trojanized npm packages spread new variant that executes in pre-install phase, hitting thousands within days. A ...
Supply chain security company Safety has discovered a trojan masquerading as Anthropic’s popular Claude Code AI software development assistant. Anthropic describes Claude Code as an agentic coding ...