Supply-chain attacks have evolved considerably in the last two years going from dependency confusion or stolen SSL among others once common attacks to AI-backed social engineering and open-source ...
At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on ...
A couple of days ago there was a fairly major vulnerability injected into several low-level packages, in this case the debug package (supply chain attack). We were exposed to this compromise via a ...
A phishing email was at the heart of the attack. NPM team quickly removed backdoored versions. 18 packages hit, with 2B+ downloads every week. A new digital supply chain attack has targeted popular ...
A potential npm supply chain disaster was averted in record time after attackers took over a verified developer’s credentials. On September 8, Josh Junon, a developer with over 1800 GitHub ...
A major supply chain attack compromised npm packages such as “debug” and “chalk” that are widely used by JavaScript and EthereumJS projects. Attackers injected malicious code that silently swapped ...
At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...
Two malicious NPM packages posing as WhatsApp development tools have been discovered deploying destructive data-wiping code that recursively deletes files on a developer's computers. Two malicious NPM ...
A new AI coding challenge has revealed its first winner — and set a new bar for AI-powered software engineers. On Wednesday at 5 p.m. PT, the nonprofit Laude Institute announced the first winner of ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback