A new campaign involving 19 malicious Visual Studio Code extensions used a legitimate npm package to embed malware in ...
Researchers found malicious VS Code extensions and Go, npm, and Rust packages stealing developer data via hidden payloads and exfiltration.
Two code packages named "nodejs-encrypt-agent" in the popular npm JavaScript library and registry recently were discovered containing the open source information-stealing TurkoRat malware. Researchers ...
Microsoft previews a GitHub Copilot-powered VS Code Insiders tool that modernizes JavaScript/TypeScript apps by upgrading npm ...
Security experts have warned that a newly discovered supply chain attack targeting npm packages is still active and may already have impacted 10% of cloud environments. On Monday, a threat actor ...
Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection. The finding, ...
An NPM supply-chain attack dating back to December 2021 used dozens of malicious NPM modules containing obfuscated Javascript code to compromise hundreds of downstream desktop apps and websites. As ...
Supply chain risk is unavoidable, but not unmanageable. Proactively prevent supply chain attacks by embedding YARA into ...
Two billion downloads per week. That’s the download totals for the NPM packages compromised in a supply-chain attack this week. Ninety-nine percent of the cloud depends on one of the packages, and one ...
Threat actors have likely made off with sensitive host and network information from developers’ systems in a coordinated malware campaign, involving 60 malicious npm packages, that were live for just ...
PostHog says the Shai-Hulud 2.0 npm worm compromise was "the largest and most impactful security incident" it's ever experienced after attackers slipped malicious releases into its JavaScript SDKs and ...
An npm package named 'rand-user-agent' has been compromised in a supply chain attack to inject obfuscated code that activates a remote access trojan (RAT) on the user's system. The 'rand-user-agent' ...
Results that may be inaccessible to you are currently showing.
Hide inaccessible results
Feedback