The Jscrambler client-side web security company disclosed that a threat actor published a malicious version of its npm ...
Malicious jscrambler 8.14.0 runs hidden binaries during npm install on Windows, macOS, and Linux, with no fix available as of ...
Researchers at the AI Now Institute developed a proof-of-concept exploit showing common AI tools used for security could ...
To defend against slopsquatting, proactive trust verification must occur before any dependency lands in a developer's hands.
Malicious packages on the Node Package Manager (npm) and the Python Package Index (PyPI) delivered stealer malware to ...
Socket found a compromised Injective npm package stealing wallet keys amid rising crypto supply chain attacks.
Unknown attackers compromised Injective Labs' GitHub repo to publish npm package 1.20.21, which steals wallet private keys ...
An exposed WP-SHELLSTORM server revealed tools, logs, cloud credentials, and thousands of webshells used in a large website ...
In Operation Muck and Load, over 200 GitHub repositories serve a Go module that leads to Windows malware infections.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results