A major software supply chain attack has impacted the JavaScript ecosystem after threat actors compromised the … Malicious Axios Package Delivers WAVESHAPER.V2 Backdoor in Supply Chain AttackRead more
developer security
CanisterWorm Spreads Through npm Accounts Stealing Tokens
A new supply chain malware campaign called CanisterWorm is targeting the npm ecosystem by compromising publisher … CanisterWorm Spreads Through npm Accounts Stealing TokensRead more
Malicious Next.js Repositories Target Developers
Software supply chain attacks are no longer limited to package managers or CI/CD pipelines. Threat actors … Malicious Next.js Repositories Target DevelopersRead more
Dangerous duer-js NPM Package Infects Windows Users
A malicious NPM package named duer-js has been discovered targeting Windows users and developers. Disguised as … Dangerous duer-js NPM Package Infects Windows UsersRead more
GlassWorm Malware: Supply Chain Attack Targeting VSX Developers
Software supply chain attacks are no longer rare, and the GlassWorm malware campaign proves how dangerous … GlassWorm Malware: Supply Chain Attack Targeting VSX DevelopersRead more
Hidden Backdoor Found in Popular Go Packages
The Go programming ecosystem has been hit by a long-running supply chain attack that secretly targeted … Hidden Backdoor Found in Popular Go PackagesRead more