InfoWorld

Malicious npm package sneaks into GitHub Actions builds

The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...
The Hacker News

Over 46,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack

The coordinated campaign has so far published as many as 46,484 packages, according to SourceCodeRED security researcher Paul ...
The Hacker News

Npm Package Targeting GitHub-Owned Repositories Flagged as Red Team Exercise

Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate " ...

Popular JavaScript library expr-eval vulnerable to RCE flaw

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be ...
InfoWorld

RCE in React Native CLI opens Dev Servers to attacks

The bug exposes the Metro development server to remote attacks, allowing arbitrary OS command execution on developer systems ...
Security Boulevard

JFrog Uncovers Severe React Vulnerability Threat to Software Supply Chains

The security research team at JFrog, a provider of a platform for building and deploying software, have discovered a critical vulnerability in a node ...
Cryptopolitan on MSN

Malicious VS Code extensions resurface, stealing GitHub credentials and crypto wallets

Developers will have to contend with a dormant turned active malicious code on Visual Studio Code (VS Code) extensions, which ...

An incredibly popular JavaScript library might have some worrying malware issues

A widely-adopted JavaScript library has been found carrying a critical vulnerability which could allow threat actors to ...
Barron's

United Parcel Service Inc. Cl B

United Parcel Service, Inc. is a package delivery company, which engages in the provision of global supply chain management solutions. It operates through the following segments: U.S. Domestic Package ...