Attackers infected all versions with the same credential-stealing malware that, on Wednesday, poisoned multiple npm packages ...
Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
Socket’s acquisition of Secure Annex extends software supply-chain security beyond open-source dependencies into browser and ...
Several npm packages for SAP's cloud application development ecosystem have been compromised as TeamPCP's supply chain ...
Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...
Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...
Fake packages aim to steal data, credentials, and secrets, and to infect every package created using them, in what could be ...
The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.
The threat actor seeding the Open VSX code marketplace with fraudulent extensions that download the GlassWorm malware has ...
A malicious version of the Bitwarden command-line interface (CLI) password manager was briefly distributed via the Node ...
Four SAP NPM packages compromised in the Mini Shai-Hulud supply chain attack trigger a Bun runtime to install an information ...
The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results