Red Hat hit by npm supply‑chain attack - here's how to stay safe ...
A large-scale, automated typosquatting attack saw 200+ malicious packages flood the npm code repository, targeting popular Azure scopes. Researchers have found hundreds of malicious packages in the ...
With npm v12, GitHub closes a central attack vector: installation scripts from dependencies will only run after explicit ...
This week, over 275 new packages have been published to the npm open-source repository named after private components being internally used by major companies. These npm packages are identical to the ...
A novel timing attack has emerged for targeting private corporate software packages hosted in the npm code repository. The goal is to uncover the legitimate offerings and then create malicious public ...