Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data theft. According to ...
The Miasma malware campaign has claimed another victim, poisoning more than 20 versions of legitimate npm packages used by the Leo Platform and RStreams ecosystems as its operators continue refining ...
Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family that has compromised a new set of npm packages, ...
The Swift Package Index is no longer independent as Apple has taken control, but it will remain an open source search engine for third-party code. The Swift Package Index gave developers one trusted ...
Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. This attribution ...
To use this tool as a step in your GitHub Actions workflow, reference it using a specific Git tag or branch. The following options are available, managed automatically by the release workflow: ...