资讯

The Hacker News2 天

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

According to ReversingLabs' 2025 Software Supply Chain Security Report, 14 of the 23 crypto-related malicious campaigns in ...

Dev snared in crypto phishing net, 18 npm packages compromised

Crims have added backdoors to at least 18 npm packages after developer Josh Junon inadvertently authorized a reset of the two ...
CSO Online2 天

GhostAction campaign steals 3325 secrets in GitHub supply chain attack

Attackers abused GitHub Actions workflows to siphon off thousands of credentials from hundreds of npm and PyPI repositories.
hodlfm6 天

Hackers Use Ethereum Smart Contracts to Conceal Malware in NPM Packages

Malware targeting Ethereum smart contracts is not entirely new. Earlier this year, the North Korean-affiliated Lazarus Group ...