Malicious npm package mimics an ESLint plugin, embeds an AI-tricking prompt, and steals environment variables via a ...
The originators of the Contagious Interview cyberattack campaign are stitching GitHub, Vercel, and NPM together into a ...
"As a new and significantly more aggressive wave of npm supply chain malware, Shai-Hulud 2 combines stealthy execution, ...
Supply chain security company Safety has discovered a trojan masquerading as Anthropic’s popular Claude Code AI software development assistant. Anthropic describes Claude Code as an agentic coding ...
Abstract: Today's consumers frequently use online search to reduce the perceived risk involved with relying on unfamiliar businesses and services. Consumers may turn to online reviews in particular (i ...
Newly discovered npm package 'fezbox' employs QR codes to retrieve cookie-stealing malware from the threat actor's server. The package, masquerading as a utility library, leverages this innovative ...
In a supply chain attack, the trending npm package @ctrl/tinycolor was the target. Malicious versions steal secrets by running TruffleHog scans. The npm package ecosystem has been compromised by ...
What the Script: Supply chain attacks are traditionally designed to inflict maximum damage on structured organizations or companies. However, when such an attack compromises a supply chain that an ...
Largest cryptocurrency product seems to be unaffected by biggest "supply chain" hack in history. So far, no cryptocurrency service has reported losses as a result of clipper malware being injected into ...
A trusted maintainer of JavaScript libraries was compromised, and 18 widely downloaded npm packages were injected with malicious code. The code swaps transaction destination addresses for similar-looking ones controlled by the attacker.
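The last item describes an address swapper: the injected code replaces a transaction's destination with an attacker address that looks like the real one, so a user who only glances at the first and last characters does not notice. The JavaScript below is an added illustration, not code from any of the packages or reports listed above. It assumes the swapper picks the attacker address with the smallest edit distance to the intended one (Levenshtein is used here as the similarity measure; the reports above do not specify the metric), and all addresses in it are constructed placeholders, not real wallets. It also shows why a prefix/suffix eyeball check fails and what a wallet front end should compare instead.

```javascript
// Added example: look-alike destination selection and the defensive check.
// Not code from any npm package or report referenced on this page.

// Levenshtein edit distance between two strings (single-row DP).
function levenshtein(a, b) {
  const prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = prev[0];       // dp[i-1][j-1]
    prev[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = prev[j];    // dp[i-1][j], needed as next diag
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      prev[j] = Math.min(prev[j] + 1, prev[j - 1] + 1, diag + cost);
      diag = tmp;
    }
  }
  return prev[b.length];
}

// How a swapper could choose its replacement (assumed metric: smallest
// edit distance to the victim's intended address, so the two share as
// many visible characters as possible).
function pickLookalike(intended, attackerPool) {
  return attackerPool.reduce((best, addr) =>
    levenshtein(intended, addr) < levenshtein(intended, best) ? addr : best
  );
}

// The "visual" check many users perform: first and last four characters.
// Look-alike selection is built to pass exactly this test.
function prefixSuffixMatch(intended, actual) {
  return intended.slice(0, 4) === actual.slice(0, 4) &&
         intended.slice(-4) === actual.slice(-4);
}

// What a wallet or front end should do before signing: compare the full
// address that will actually be submitted with the one the user entered.
function destinationUnchanged(intended, actual) {
  return intended === actual;
}

// Constructed placeholder addresses (40 hex chars, not real wallets).
const INTENDED = "0x1a2b3c4d5e6f70819a2b3c4d5e6f7081a2b3c4d5";
const LOOKALIKE = "0x1a2b3c4d5e6f70819a2b9e4d5e6f7081a2b3c4d5"; // 2 chars swapped mid-string
const UNRELATED = "0x9f8e7d6c5b4a39281f0e9f8e7d6c5b4a39281f0e";
const ATTACKER_POOL = [UNRELATED, LOOKALIKE];

// Demonstration when run directly.
const chosen = pickLookalike(INTENDED, ATTACKER_POOL);
console.log("swapper picks:", chosen);
console.log("prefix/suffix check passes:", prefixSuffixMatch(INTENDED, chosen));
console.log("full comparison passes:", destinationUnchanged(INTENDED, chosen));
```

The point for defenders: the replacement is chosen to survive a casual glance, so only a full-string comparison (or a signed, out-of-band confirmation of the destination) catches the swap; truncated address displays in wallets and explorers make the attack easier.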