Regtech firm SlowMist noted that the NPM ecosystem recently experienced another large-scale package poisoning incident.
A second wave of the Shai-Hulud supply-chain attack has struck the npm software ecosystem, affecting more than 25,000 ...
New variant executes malicious code during preinstall, significantly increasing potential exposure in build and runtime ...
The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, ...
Shai-Hulud malware infiltrates 490 NPM packages, stealing API keys and credentials from ENS and major crypto development ...
Automation flaw in CI/CD workflow let a bad pull request unleash worm into npm. PostHog says the Shai-Hulud 2.0 npm worm compromise was "the largest and most impactful security incident" it's ever ...
Yet another supply chain attack has hit the npm registry in what Amazon describes as "one of the largest package flooding incidents in open source registry history" - but with a twist. Instead of ...
More than 150,000 malicious packages were published in the NPM registry as part of a recently uncovered spam campaign, Amazon reports.
The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases. A series of malicious packages in the Node.js package manager (npm) code ...
A hacker has gained access to a developer's npm account and injected malicious code into a popular JavaScript library, code that was designed to steal the npm credentials of users who utilize the ...