The coordinated campaign has so far published as many as 46,484 packages, according to SourceCodeRED security researcher Paul ...
The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...
Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate " ...
For the past four months, over 130 malicious NPM packages deploying information stealers have been collectively downloaded ...
The payload is triggered only between August 8, 2027, and November 29, 2028, and does two destructive things: randomly kills ...
Researchers say the malware was in the repository for two weeks, advise precautions to defend against malicious packages.
The Register on MSN
Invisible npm malware pulls a disappearing act – then nicks your tokens
PhantomRaven slipped over a hundred credential-stealing packages into npm A new supply chain attack dubbed PhantomRaven has ...
Researchers outline how the PhantomRaven campaign exploits hole in npm to enable software supply chain attacks.
The popular npm package "is" was infected with cross-platform malware, around the same time that linting utility packages used with the prettier code formatter were infected with Windows-only malware.
As poisoned software continues to pop up across the industry, some threat actors have found a way to hide malicious code in npm packages and avoid detection from most security tools. In an blog post ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback