36 Malicious npm Strapi Packages Used in Targeted Supply Chain Attack
A sophisticated software supply chain attack has been discovered targeting developers using Strapi. Attackers published 36 …
npm malware
CanisterWorm Spreads Through npm Accounts Stealing Tokens
A new supply chain malware campaign called CanisterWorm is targeting the npm ecosystem by compromising publisher …
Lazarus Group’s ‘Graphalgo’ Fake Recruiter Campaign Targets Crypto Developers
Since May 2025, the North Korean state-sponsored hacking team, Lazarus Group, has been running a highly …
Dangerous duer-js NPM Package Infects Windows Users
A malicious NPM package named duer-js has been discovered targeting Windows users and developers. Disguised as …
GitHub Actions Exploited by Shai Hulud v2 to Steal Secrets
The software supply chain faces a new and sophisticated threat: Shai Hulud v2, a malware campaign …