Seven packages published on the Node Package Manager (npm) registry use the Adspect cloud-based service to separate ...
A self-replicating attack led to a tidal wave of malicious packages in the NPM registry, targeting tokens for the tea.xyz ...
Amazon spilled the TEA: Yet another supply chain attack has hit the npm registry in what Amazon describes as "one of the ...
A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser ...
The coordinated campaign has so far published as many as 46,484 packages, according to SourceCodeRED security researcher Paul ...
The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...
Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate " ...
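The two items above describe a scope typosquat ("@acitons/artifact" standing in for a legitimate "@actions/..." package). The following is an added example, not code from either article or from any vendor named on this page: a dependency check that flags names within one edit of a known-good list. The KNOWN_GOOD list, the sample dependencies and the name "lodahs" are constructed for the example, and treating "@actions/artifact" as the imitated package is an assumption about the truncated headline.

```javascript
// Added example (not from the page): flag npm dependencies whose names are
// a near-miss of a known-good package. KNOWN_GOOD is constructed for this
// example; "@actions/artifact" as the target of "@acitons/artifact" is an
// assumption about the intended package.
const KNOWN_GOOD = [
  '@actions/artifact', '@actions/core', '@actions/github',
  'lodash', 'express', 'react',
];

// Optimal-string-alignment distance: insertions, deletions, substitutions
// and adjacent transpositions cost 1 each. "acitons" vs "actions" is one
// transposition; plain Levenshtein would score it 2.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, () => new Array(b.length + 1).fill(0));
  for (let i = 0; i <= a.length; i++) d[i][0] = i;
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// "@scope/name" -> { scope, name }; unscoped packages get scope null.
function splitName(pkg) {
  const m = /^(?:(@[^/]+)\/)?([^/]+)$/.exec(pkg);
  return m ? { scope: m[1] || null, name: m[2] } : null;
}

// Report every dependency that is not itself known-good but lies within
// maxDist edits of one. Keep maxDist at 1 unless you accept more noise:
// at 2, legitimate short names start colliding with each other.
function findTyposquats(deps, knownGood = KNOWN_GOOD, maxDist = 1) {
  const good = new Set(knownGood);
  const hits = [];
  for (const dep of Object.keys(deps)) {
    if (good.has(dep)) continue;
    const parts = splitName(dep);
    if (!parts) continue;
    for (const ref of knownGood) {
      const distance = editDistance(dep, ref);
      if (distance > maxDist) continue;
      const refParts = splitName(ref);
      hits.push({
        dependency: dep,
        resembles: ref,
        distance,
        differsIn: parts.scope === refParts.scope ? 'name' : 'scope',
      });
      break;
    }
  }
  return hits;
}

// Constructed package.json "dependencies" for the demonstration; "lodahs"
// is an invented name, not a real incident.
const SAMPLE_DEPS = {
  '@acitons/artifact': '^2.0.0',
  '@actions/core': '^1.10.0',
  lodash: '^4.17.21',
  lodahs: '1.0.0',
};

for (const hit of findTyposquats(SAMPLE_DEPS)) {
  console.log(`${hit.dependency} resembles ${hit.resembles} (distance ${hit.distance}, differs in ${hit.differsIn})`);
}
```

Run it against the `dependencies` and `devDependencies` objects of a package.json in CI; a hit whose `differsIn` is `scope` is the pattern above, where the package name is exactly right and only the scope is off.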
A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be ...
Weeks after being declared eradicated, GlassWorm is again infesting open source extensions using the same invisible Unicode and blockchain C2 tricks.
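The item above mentions invisible Unicode as the hiding technique. What follows is an added example, not code from the article or from the researchers who track GlassWorm: a scanner that reports code points which render as nothing or reorder rendered text, plus a decoder for one published scheme that packs bytes into variation selectors. The range list, the sample source and the byte-to-selector mapping shown are constructed for this example; the page does not say which scheme GlassWorm uses.

```javascript
// Added example (not from the page): find code points that render as nothing
// or reorder rendered text, and decode one byte-smuggling scheme built on
// variation selectors. Ranges and sample input are constructed for this
// example and are a starting list, not an exhaustive one.
const INVISIBLE_RANGES = [
  [0x180e, 0x180e, 'Mongolian vowel separator'],
  [0x200b, 0x200f, 'zero-width space / joiner / directional mark'],
  [0x202a, 0x202e, 'bidi embedding or override'],
  [0x2060, 0x2064, 'word joiner / invisible operator'],
  [0x2066, 0x2069, 'bidi isolate'],
  [0x3164, 0x3164, 'Hangul filler'],
  [0xfe00, 0xfe0f, 'variation selector'],
  [0xfeff, 0xfeff, 'BOM / zero-width no-break space'],
  [0xffa0, 0xffa0, 'halfwidth Hangul filler'],
  [0xe0000, 0xe007f, 'tag character'],
  [0xe0100, 0xe01ef, 'variation selector supplement'],
];

function classify(cp) {
  for (const [lo, hi, label] of INVISIBLE_RANGES) {
    if (cp >= lo && cp <= hi) return label;
  }
  return null;
}

// Iterate by code point (for..of), not by UTF-16 unit, so astral-plane
// selectors are seen whole. Positions are 1-based line and column.
function scanInvisible(text) {
  const hits = [];
  let line = 1;
  let col = 1;
  for (const ch of text) {
    const cp = ch.codePointAt(0);
    const label = classify(cp);
    if (label) {
      const hex = cp.toString(16).toUpperCase().padStart(4, '0');
      hits.push({ line, col, codePoint: `U+${hex}`, label });
    }
    if (ch === '\n') { line += 1; col = 1; } else { col += 1; }
  }
  return hits;
}

// One known way to hide a byte string in "nothing": byte values 0-15 map to
// U+FE00..U+FE0F and 16-255 to U+E0100..U+E01EF. Decoding the run tells the
// reviewer what was hidden, not just that something was.
function encodeVariationSelectors(str) {
  return Array.from(Buffer.from(str, 'utf8'), b =>
    String.fromCodePoint(b < 16 ? 0xfe00 + b : 0xe0100 + (b - 16))).join('');
}

function decodeVariationSelectors(text) {
  const bytes = [];
  for (const ch of text) {
    const cp = ch.codePointAt(0);
    if (cp >= 0xfe00 && cp <= 0xfe0f) bytes.push(cp - 0xfe00);
    else if (cp >= 0xe0100 && cp <= 0xe01ef) bytes.push(cp - 0xe0100 + 16);
  }
  return Buffer.from(bytes).toString('utf8');
}

// Constructed sample: a line with a hidden payload appended after the
// semicolon, and a line carrying a right-to-left override (U+202E).
const SAMPLE_SOURCE =
  'const greeting = "hi";' + encodeVariationSelectors('hello') + '\n' +
  'if (ok) {\u202E } /* reversed */ return;\n';

for (const hit of scanInvisible(SAMPLE_SOURCE)) {
  console.log(`${hit.line}:${hit.col} ${hit.codePoint} ${hit.label}`);
}
console.log('hidden payload:', JSON.stringify(decodeVariationSelectors(SAMPLE_SOURCE)));
```

Feed it the text of every file in an extension or package before review; a non-empty result on a source file is worth a manual look even when the decoder produces garbage, because a legitimate source file has no reason to contain bidi overrides or variation selectors outside string literals.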
The security research team at JFrog, a provider of a platform for building and deploying software, have discovered a critical vulnerability in a node ...
The Backend-for-Frontend pattern addresses security issues in Single-Page Applications by moving token management back to the ...
Security researchers at software supply chain company JFrog Ltd. today revealed details of a critical vulnerability in React, ...