Threat actors compromised AsyncAPI packages and weaponized trusted CI/CD workflows to distribute malware through npm. This ...
Stolen and leaked credentials lead to Node.js packages from AsyncAPI and Jscrambler Code Integrity being poisoned with ...
An apparent "Dune" aficionado is responsible for perpetrating the first self-propagating attack on the npm JavaScript repository in what a security company has described as being one of the most ...
The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases. A series of malicious packages in the Node.js package manager (npm) code ...
A novel timing attack has emerged for targeting private corporate software packages hosted in the npm code repository. The goal is to uncover the legitimate offerings and then create malicious public ...
A large-scale, automated typosquatting attack saw 200+ malicious packages flood the npm code repository, targeting popular Azure scopes. Researchers have found hundreds of malicious packages in the ...