Malicious packages across npm, PyPI, and Crates.io show how poisoned developer workflows can become a route into enterprise systems.
A leading American stock exchange for private companies is suing its Canadian rival for alleged patent infringement, ...
TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
Massive scale attack The "Megalodon" campaign compromised over 5,000 GitHub repositories in 6 hours by weaponizing automated GitHub Actions workflows that execute when developers push code or merge ...
The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.
Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...
The Mini Shai-Hulud worm has resurfaced in one of its largest single-registry waves to date, hitting hundreds of npm packages ...
A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension.
What is Mini Shai-Hulud npm supply chain attack, and was Microsoft and Socket hit by malware? A new npm supply chain attack hit hundreds of packages linked to the @antv ecosystem. Attackers used a ...
Mini Shai-Hulud npm campaign compromises @antv packages, targeting blockchain developers' GitHub tokens, AWS keys, and CI/CD secrets in a coordinated supply chain attack.
Morning Overview on MSN
Three separate supply-chain attacks hit npm, PyPI, and Docker Hub within 48 hours — all three targeted developer cloud credentials and SSH keys
Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...
Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results