Newly discovered npm package 'fezbox' employs QR codes to hide a second-stage payload to steal cookies from a user's web browser. The package, masquerading as a utility library, leverages this ...
An npm package copying the official 'postmark-mcp' project on GitHub turned bad with the latest update that added a single ...
A malicious npm package named Fezbox has been found using an unusual technique to conceal harmful code. The package employs a ...
In the light of recent supply chain attacks targeting the NPM ecosystem, GitHub will implement tighter authentication and ...
GitHub enforces FIDO 2FA and seven-day token limits after Shai-Hulud npm attack to boost supply chain security.
In light of recent cyberattacks and growing security concerns, GitHub is taking immediate and direct action to secure the ...
In a newly disclosed supply-chain attack, an npm package “postmark-mcp” was weaponized to stealthily exfiltrate emails, ...
A newly-discovered malicious package with layers of obfuscation is disguised as a utility library, with malware essentially ...
A popular MCP server in the NPM repository that was being downloaded 1,500 times a week suddenly began quietly copying emails and sending them to a C2 server after the developer inserted a line of ...
Plus: An investigation reveals how US tech companies reportedly helped build China’s sweeping surveillance state, and two ...
Explore emerging attack methods, evolving AI-driven threats, supply chain risks, and strategies to strengthen defenses and stay ahead of cyber risks.
CERT-In, India's cybersecurity agency, warns startups and IT firms about a Dune-inspired malware, 'Shai-Hulud', targeting the npm ecosystem.