资讯

Breach of npm threatens billions of weekly downloads in JavaScript ecosystem

Earlier this week, the Npm package manager suffered what may be its worst security incident to date. Unknown cybercriminals ...

Crypto Users on High Alert: The NPM Attack Targeting JavaScript Libraries

Charles Guillemet, Chief Technology Officer at Ledger, emphasized the gravity of the situation, stating, "There’s a large-scale supply chain attack in progress: the NPM account of a reputable ...

Ledger CTO warns of shocking NPM attacks by crypto hackers

Charles Guillemet, CTO at the crypto wallet platform Ledger, warned the crypto community to be cautious while executing ...
Krebs on Security3 天

18 Popular Code Packages Hacked, Rigged to Steal Crypto

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...

Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...
CSOonline2 年

Google launches dependency API and curated package repository with security metadata

This week, Google launched a free API service that provides software developers with dependency data and security-related information on over 5 million software components across different programming ...
SiliconANGLE2 年

Google Cloud beefs up open-source software security with Assured OSS packages

Google Cloud wants to help improve the security of the most widely used open-source software, and to do so it’s making its Assured Open Source Software service generally available for Java and Python ...