-
32 Red Hat npm packages compromised by Miasma malware expose cloud tokens, CI/CD secrets and developer credentials in supply chain attack.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A malicious Codex UI npm package with 27,000 weekly downloads was caught exfiltrating OpenAI refresh tokens, exposing developers to account takeover risks.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
TeamPCP claims to be selling alleged Mistral AI repositories on a hacker forum after the Mini Shai-Hulud attack targeted npm and PyPI ecosystems.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Research reveals that TeamPCP hijacked OIDC tokens to poison hundreds of TanStack, Mistral AI, and UiPath packages with the self-propagating Mini Shai-Hulud worm.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GitGuardian uncovers TeamPCP attack on Bitwarden CLI, abusing GitHub Dependabot to spread Shai-Hulud and poison AI coding tools.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Critical RCE flaw in protobuf.js lets attackers execute code via malicious schemas. Learn who is at risk, affected versions, and how to fix it.
·
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Axios npm Package compromised in a supply chain attack, exposing developers to malware, data theft, and full system takeover risks worldwide.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
ReversingLabs researchers identify a new Ghost campaign using fake npm install logs and progress bars to phish for sudo passwords and steal crypto wallets from developers.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Sonatype uncovers a sophisticated malware campaign using hijacked npm developer accounts to steal API keys and passwords. Is your dev environment at risk?
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers at Veracode reveal a typosquatting attack that disguises Pulsar RAT as images to bypass Windows security and antivirus programs.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
