The coordinated campaign has so far published as many as 46,484 packages, according to SourceCodeRED security researcher Paul ...
The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...
Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate " ...
Weeks after being declared eradicated, GlassWorm is again infesting open source extensions using the same invisible Unicode ...
The security research team at JFrog, a provider of a platform for building and deploying software, have discovered a critical vulnerability in a node ...
The Backend-for-Frontend pattern addresses security issues in Single-Page Applications by moving token management back to the ...
Security researchers at software supply chain company JFrog Ltd. today revealed details of a critical vulnerability in React, ...
The Open VSX registry rotated access tokens after they were accidentally leaked by developers in public repositories and allowed threat actors to publish malicious extensions in an attempted ...
Supply chain security company Safety has discovered a trojan in NPM that masqueraded as Anthropic’s popular Claude Code AI ...
"The exploit hijacks Claude and follows the adversaries instructions to grab private data, write it to the sandbox, and then calls the Anthropic File API to upload the file to the attacker's account ...
The typosquatted packages auto-execute on installation, fingerprint victims by IP, and deploy a PyInstaller binary to harvest ...
The npm packages were available since July, have elaborately obfuscated malicious routines, and rely on a fake CAPTCHA to ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback