Researchers expose Discord webhook C2 in npm, PyPI, RubyGems; North Korean actors published 338 malicious npm packages with ...
Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to ...
In light of recent cyberattacks and growing security concerns, GitHub is taking immediate and direct action to secure the open-source software supply chain.
Visual Studio developers are targeted with a self-propagating worm in a sophisticated supply chain attack through the OpenVSX ...
Newly discovered npm package 'fezbox' employs QR codes to retrieve cookie-stealing malware from the threat actor's server. The package, masquerading as a utility library, leverages this innovative ...
GitHub will enforce 2FA and deprecate legacy tokens to improve package publishing security. Trusted Publishing will expand, and token-based publishing will be restricted by default. Shai-Hulud worm ...
North Korean hackers used fake recruiter lures and npm packages to target crypto developers in a large-scale supply-chain ...
A malicious npm package named Fezbox has been found using an unusual technique to conceal harmful code. The package employs a QR code as part of its obfuscation strategy, ultimately aiming to steal ...
Google’s Threat Intelligence Group has linked North Korean hackers to EtherHiding, blockchain malware previously used by ...
An npm package copying the official ‘postmark-mcp’ project on GitHub turned bad with the latest update that added a single line of code to exfiltrate all its users' email communication. Published by a ...
Codex gives software developers a first-rate coding agent in their terminal and their IDE, along with the ability to delegate ...
Malicious programs are constantly finding new ways to harm or damage devices. Seeing these things, it would always be reasonable to get apps in the Appx file format that is used by Universal Windows ...