资讯

The Hacker News2 天

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

According to ReversingLabs' 2025 Software Supply Chain Security Report, 14 of the 23 crypto-related malicious campaigns in ...
The Register on MSN2 天

Dev snared in crypto phishing net, 18 npm packages compromised

Popular npm packages debug, chalk, and others hijacked in massive supply chain attack Crims have added backdoors to at least ...
CSO Online3 天

GhostAction campaign steals 3325 secrets in GitHub supply chain attack

Attackers abused GitHub Actions workflows to siphon off thousands of credentials from hundreds of npm and PyPI repositories.