The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
North Korean threat actors are escalating the PolinRider supply chain attack across Go, Packagist, and npm package ...
GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...
In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. As of writing, ...
The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Evidence ...
Java, Kotlin, Groovy, Scala TypeScript, JavaScript, JSX/TSX Python, Go, Rust, C/C++, C# HTML, CSS, JSON, YAML, XML Markdown, SQL, Shell, and more ...
Don't worry if you never see that method before, this extension provided a lot of code examples for that.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results