The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...
The coordinated campaign has so far published as many as 46,484 packages, according to SourceCodeRED security researcher Paul ...
Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate " ...
Recently, security researchers Socket found 10 packages on npm targeting software developers, specifically those who use the ...
The typosquatted packages auto-execute on installation, fingerprint victims by IP, and deploy a PyInstaller binary to harvest ...
Supply chain security company Safety has discovered a trojan in NPM that masqueraded as Anthropic’s popular Claude Code AI ...
The npm packages were available since July, have elaborately obfuscated malicious routines, and rely on a fake CAPTCHA to ...
The bug exposes the Metro development server to remote attacks, allowing arbitrary OS command execution on developer systems ...
Hosted on MSN
Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here's what we know
Ten typosquatted npm packages delivered infostealing malware to nearly 10,000 systems Malware targeted system keyrings, bypassing app-level security to steal decrypted credentials Affected users must ...
Security researchers at software supply chain company JFrog Ltd. today revealed details of a critical vulnerability in React, ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback