GitHub's npm package registry has rolled out a publishing approval step to prevent the distribution of compromised packages ...
An attacker poisoned 84 TanStack npm versions across 42 packages, stealing GitHub OIDC tokens and cloud keys while planting a ...
Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...
A Shai-Hulud copycat has turned up in yet another npm package just five days after TeamPCP open sourced the worm and ...
Following several large-scale attack waves on the NPM ecosystem, its operators are now taking measures to prevent a recurrence. In August and September, unknown attackers not only took over several ...
Morning Overview on MSN
Three separate supply-chain attacks hit npm, PyPI, and Docker Hub within 48 hours — all three targeted developer cloud credentials and SSH keys
Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...
Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a ...
A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension.
TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...
Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection. The finding, ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results