Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...
The Shai-Hulud campaign continues, now affecting hundreds of new packages and potentially compromising thousands of projects.
A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension.
Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a ...
A Shai-Hulud copycat has turned up in yet another npm package just five days after TeamPCP open sourced the worm and ...
An attacker poisoned 84 TanStack npm versions across 42 packages, stealing GitHub OIDC tokens and cloud keys while planting a ...
TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering ...
GitHub's npm package registry has rolled out a publishing approval step to prevent the distribution of compromised packages ...
What is Mini Shai-Hulud npm supply chain attack, and was Microsoft and Socket hit by malware? A new npm supply chain attack ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results