TL;DR The Shai-Hulud Miasma campaign has a fresh series of malicious packages following the compromise of the czirker ...
In response to a recent wave of supply chain attacks targeting the NPM ecosystem, GitHub announced that scripts from dependencies will no longer be executed by default. To check how the upcoming ...
GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat ...
The change, expected in July, will likely block one of the more common attack vectors; developers are wondering what took GitHub so long, and why other repositories acted so much sooner. The ability ...
Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, where it pilfers sensitive credentials in hopes of stealing yet more ...
GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...
Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Erik Steiger discusses the operational pain ...
Any development environment that installed or imported one of the 172 compromised npm or PyPI packages published since May 11 should be treated as potentially compromised. On affected developer ...
Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Erik Steiger discusses the operational pain ...
Researchers at Endor Labs uncovered 88 new packages tied to new waves of the campaign, which uses remote dynamic dependencies to deliver credential-stealing malware. Last year’s “PhantomRaven” ...
Security researchers have uncovered a new supply chain attack targeting the NPM registry with malicious code that exhibits worm-like propagation capabilities. Dubbed Sandworm_Mode, the attack was ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results