GitHub to Update npm to Thwart Software Supply Chain Attacks
NPM, part of GitHub, announced a new version of the npm package manager with several security improvements, including disabling install scripts
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
NPM, part of GitHub, announced a new version of the npm package manager with several security improvements, including disabling install scripts
Mini Shai-Hulud worm hits Alibaba AntV ecosystem in largest npm supply chain wave to date
Malicious npm packages spread via worm-like propagation and steal developer credentials
Supply chain worm mimicking Shai-Hulud malware spread via malicious npm packages, targeting AI tools has been identified by security researchers
Wiz Security warns that a recently discovered supply chain attack campaign targeting npm is far from over
What could have been a historic supply chain attack seems to have been averted due to the rapid response of the open source community
A software supply chain attack targeting Nx marks the first known case where attackers have leveraged developer AI assistants, according to StepSecurity
A new supply chain attack targets Ethereum tools, exploiting npm packages to steal sensitive data
Malicious campaigns targeting VSCode extensions have recently expanding to npm, risking software supply chains
A supply chain attack on the Solana library utilizing malicious npm versions has exposed private keys, putting crypto funds at risk
npm package @lottiefiles/lottie-player hacked with malicious code, draining crypto wallets via web3 pop-ups
Checkmarx has observed a novel npm supply chain attack using Ethereum smart contracts to manage command-and-control (C2) operations
Best practices are designed to help developers bolster security
Researchers discover malicious npm packages