Tag
4 articles
A coordinated attack on the AsyncAPI npm packages has exposed vulnerabilities in the software release process, compromising widely used open source tools.
North Korean-linked npm packages impersonate legitimate Rollup tools to steal developer credentials and enable remote access.
A popular npm package with 29,000 weekly downloads has been silently stealing OpenAI API tokens for a month, raising concerns about supply chain security.
Dozens of Red Hat packages were compromised through the official NPM channel, with malicious backdoors embedded in the code. Anyone who has downloaded these packages should investigate immediately.