Popular JavaScript modules including size-sensor and echarts-for-react hit as hijacked account closed GitHub warnings ...
Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a ...
The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...
Mini Shai-Hulud npm campaign compromises @antv packages, targeting blockchain developers' GitHub tokens, AWS keys, and CI/CD ...
TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...
Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. The node-ipc ...
TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...
OpenAI said it found no evidence that user data was accessed after a supply-chain attack involving the TanStack npm library.
Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...
OpenAI confirmed on Wednesday that it found no evidence suggesting user data was compromised following a security incident ...
What is the Mini Shai-Hulud npm supply chain attack, and were Microsoft and Socket hit by malware? A new npm supply chain attack ...