More results...
GitHub will implement local publishing with mandatory 2FA, granular tokens that expire after seven days, and trusted publishing.
The post GitHub Boosting Security in Response to NPM Supply Chain AttacksĀ appeared first on SecurityWeek.
The packages were injected with malicious code to harvest secrets, dump them to a public repository, and make private repositories public.
The post Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit appeared first on Secu…
Designed to intercept cryptocurrency transactions, the malicious code reached 10% of cloud environments.
The post Highly Popular NPM Packages Poisoned in New Supply Chain Attack appeared first on SecurityWeek.
A supply chain attack called GhostAction has enabled threat actors to steal secrets and exploit them.
The post GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets appeared first on SecurityWeek.
The private repositories of hundreds of organizations were published publicly in the second phase of the Nx supply chain attack.
The post Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack appeared first on SecurityWeek.
With more than 4 million weekly downloads, the Nx build platform became the first known supply chain breach where hackers weaponized AI assistants for data theft.
The post Hackers Target Popular Nx Build System in First AI-Weaponized Supply Chain Attac…
CISA has updated the Minimum Elements for a Software Bill of Materials (SBOM) guidance and is seeking public comment.
The post CISA Requests Public Feedback on Updated SBOM Guidance appeared first on SecurityWeek.
Hackers have injected malware into popular NPM packages after compromising several developer accounts in a fresh phishing campaign.
The post High-Value NPM Developers Compromised in New Phishing Campaign appeared first on SecurityWeek.
A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack.
The post React Native Aria Packages Backdoored in Supply Chain Attack appeared first on SecurityWeek.
Security firm Socket warns flags a campaign targeting NPM users with tens of malicious packages that can hijack system information.
The post Ongoing Campaign Uses 60 NPM Packages to Steal Data appeared first on SecurityWeek.