Over 43,000 dormant spam packages flooded npm in a coordinated two-year campaign Some packages contained worm-like scripts ...
The coordinated campaign has so far published as many as 46,484 packages, according to SourceCodeRED security researcher Paul ...
The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...
Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate " ...
Weeks after being declared eradicated, GlassWorm is again infesting open source extensions using the same invisible Unicode ...
The security research team at JFrog, a provider of a platform for building and deploying software, have discovered a critical vulnerability in a node ...
The Backend-for-Frontend pattern addresses security issues in Single-Page Applications by moving token management back to the ...
Security researchers at software supply chain company JFrog Ltd. today revealed details of a critical vulnerability in React, ...
Supply chain security company Safety has discovered a trojan in NPM that masqueraded as Anthropic’s popular Claude Code AI ...
"The exploit hijacks Claude and follows the adversaries instructions to grab private data, write it to the sandbox, and then calls the Anthropic File API to upload the file to the attacker's account ...
The typosquatted packages auto-execute on installation, fingerprint victims by IP, and deploy a PyInstaller binary to harvest credentials from browsers, SSH keys, API tokens, and cloud configuration ...
The npm packages were available since July, have elaborately obfuscated malicious routines, and rely on a fake CAPTCHA to ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback