Attackers created at least 292 fake GitHub repositories that impersonated developer tools and redirected users to ...
New TELEPUZ malware spreads through ClickFix, then steals browser cookies, logs keystrokes, runs commands, and installs ...
A threat actor has published hundreds of fake GitHub repositories impersonating legitimate software and security projects to ...
Stolen and leaked credentials lead to Node.js packages from AsyncAPI and Jscrambler Code Integrity being poisoned with ...
JFrog finds 148 npm proxy packages turned student browsers into a DDoS botnet, while a mutable loader lets operators re-arm ...
Threat actors compromised AsyncAPI packages and weaponized trusted CI/CD workflows to distribute malware through npm. This ...