News
On September 15, a new supply chain attack was identified that targeted the @ctrl/tinycolor and 150 other NPM packages. The ...
The malicious JavaScript code ("bundle.js") injected into each of the trojanized package is designed to download and run ...
Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel ...
The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...
A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, ...
A new supply chain attack on npm, the node package manager, has injected the first malware with self-replicating worm ...
Attackers abused GitHub Actions workflows to siphon off thousands of credentials from hundreds of npm and PyPI repositories.
Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated ...
7don MSN
GitHub supply chain attack sees thousands of tokens and secrets stolen in GhostAction campaign
Thousands of secrets such as PyPI and AWS keys, GitHub tokens, and more, were stolen recently during a supply-chain attack ...
On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 ...
A supply chain attack involving malicious GitHub Action workflows has impacted hundreds of repositories and thousands of secrets.
Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Senyo Simpson discusses how Rust's core ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback