Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Stop coding without these extensions ...
Some of the software building blocks shipped under Red Hat’s name spent a stretch of time quietly working against the people who installed them. Hidden inside more than 30 packages in the company’s ...
Miasma campaign infects official Red Hat npm packages, stealing credentials to spread a worm. The malware contains an obfuscated preinstall hook designed to collect a wide range of sensitive data. Per ...
GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on Microsoft's official Visual Studio Marketplace for just 18 minutes on May 18 ...
GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week's TanStack npm supply-chain attack.
GitHub confirmed that the cybercrime group TeamPCP exfiltrated roughly 3,800 internal code repositories after compromising an employee device through a poisoned VS Code extension. The Microsoft-owned ...
Note: This is just the VS Code extension that spawns the actual language server. The language server itself is implemented purely in PHP in its own repository, all features need to be implemented ...
A supply chain attack on SAP-related npm packages has put fresh scrutiny on the developer tools and build workflows that enterprises rely on to produce software. The campaign, referred to as “mini ...
A malicious version of the Bitwarden command-line interface (CLI) password manager was briefly distributed via the Node package manager (npm), as part of a widening supply chain attack targeting ...