npm
177 articles with this tag
Well-architected best practices for software supply chain security
TrapDoor malware campaign puts developer workstations in CISO spotlight
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign
Grafana Labs Says Code Breach Stemmed from TanStack Attack
GitHub links repo breach to TanStack npm supply-chain attack
New Mini Shai-Hulud attack targets npm ecosystem
Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft
Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem
Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks
New Shai-Hulud malware wave compromises 600 npm packages
Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
Leaked Shai-Hulud malware fuels new npm infostealer campaign
TanStack Supply Chain Attack (And How to Lock Down GitHub Actions)
First Shai-Hulud Worm Clones Emerge
Cisco, Canvas, Microsoft, Exchange 0-Days, NPM Backdoors, GPT-5.5 and more... - SWN #581
Expired domain leads to supply chain attack on node-ipc npm package
Popular node-ipc npm package compromised to steal credentials
Malicious node-ipc versions published to npm in suspected maintainer account compromise
OpenAI caught in TanStack npm supply chain chaos after employee devices compromised
Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
Axios breach shows why software supply chains need zero trust
Hunting the Behavior Behind npm Supply Chain Attacks
Trusted by default: The npm attack pattern security teams miss
‘Mini’ Shai-Hulud attack compromises hundreds of npm, PyPI packages
Mini Shai-Hulud Hits TanStack npm Packages
Cache-poisoning caper turns TanStack npm packages toxic
Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
TanStack Npm Packages Compromised Inside The Mini Shai Hulud Supply Chain Attack
Cline Kanban Flaw Lets Websites Hijack AI Coding Agents
Supply chain attack against SAP npm packages facilitates credential theft
Illicit AI-assisted commit-linked npm dependency compromises crypto wallets
1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom
Why You Must Check Your Password Manager Immediately | THREAT WIRE
The never-ending supply chain attacks worm into SAP npm packages, other dev tools
SAP NPM Packages Targeted in Supply Chain Attack
'Mini Shai-Hulud' supply chain attack targets SAP npm packages
"A Mini Shai-Hulud Has Appeared": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packages
SAP npm Packages Compromised by “Mini Shai-Hulud” Credential-Stealing Malware
Set up automated dependency scanning after the recent npm/PyPI supply chain attacks
Malicious npm Dependency Linked to AI Assisted Commit Targets Crypto Wallets
Tradecraft Tuesday Recap: axios npm Supply Chain Compromise
STARDUST CHOLLIMA Likely Compromises Axios npm Package
The npm Threat Landscape: Attack Surface and Mitigations
Checkmarx supply chain hack impacts Bitwarden CLI
Npm Supply Chain Malware Attack Targets Developers With Worm-Like Propagation
Bitwarden NPM Package Hit in Supply Chain Attack
Bitwarden CLI password manager trojanized in supply chain attack
Bitwarden CLI npm package compromised to steal developer credentials
Namastex npm packages compromised in ‘CanisterWorm’ supply chain attack
Malicious pgserve, automagik developer tools found in npm registry
Another npm supply chain worm is tearing through dev environments
Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
New npm supply-chain attack self-spreads to steal auth tokens