Attackers increasingly are using malicious JavaScript packages to steal data, engage in cryptojacking and unleash botnets, offering a wide supply-chain attack surface for threat actors. More than ...
Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to be the world’s biggest supply-chain attack ever. “Sorry everyone, I should ...
The NPM JavaScript registry has experienced a jump in malware, including packages related to data theft, crypto mining, botnets, and remote code execution, according to security company WhiteSource.
What the Script: Supply chain attacks are traditionally designed to inflict maximum damage on structured organizations or companies. However, when such an attack compromises a supply chain that an ...
Node.js is a lean, fast, cross-platform JavaScript runtime environment that is useful for both servers and desktop applications. Scalability, latency, and throughput are key performance indicators for ...
Visual Studio developers are targeted with a self-propagating worm in a sophisticated supply chain attack through the OpenVSX ...
60 packages have been discovered in the NPM index that attempt to collect sensitive host and network data and send it to a Discord webhook controlled by the threat actor. According to Socket’s Threat ...
Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to ...
Threat actors are abusing legitimate NPM infrastructure in a new phishing campaign that breaks from the typical supply chain attack pattern.
More than 400 malicious packages were recently uploaded to PyPI (Python Package Index), the official code repository for the Python programming language, in the latest indication that the targeting of ...
Results that may be inaccessible to you are currently showing.
Hide inaccessible results
Feedback