A post-mortem of the malicious event-stream backdoor
7y agoen
Source
SnykA post-mortem of the malicious event-stream backdoorsnyk.ioA look back at the chain of events that led to the use of the malicious npm package "flatmap-stream" and a reflection on what it means for the fragility of open source.
You might also wanna read
Post-mortem Analysis of @ctrl/tinycolor npm Supply Chain Attack via GitHub Actions
A detailed post-mortem analysis of a supply chain attack on the @ctrl/tinycolor npm package. The attack occurred when a malicious GitHub Act
Postmortem: TanStack npm supply-chain compromise via GitHub Actions exploitation
On May 11, 2026, an attacker exploited a chain of vulnerabilities — including the pull_request_target "Pwn Request" pattern, GitHub Actions
Supply Chain Attacks on Open-Source Software: Case Study of Malicious Pull Request Attempts
The article discusses recent supply chain attacks on open-source software projects like LiteLLM and axios, with a specific case study of att
⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More
thehackernews.com·1d ago
Glassworm Threat Actor Returns with Unicode-Based Supply Chain Attacks on GitHub, npm, and VS Code
The Glassworm threat actor has returned with a new wave of supply chain attacks using invisible Unicode characters to compromise software re
aikido.dev·3mo ago
September 2025 NPM supply-chain attack compromises popular JavaScript packages
In September 2025, a coordinated software supply-chain attack targeted multiple popular NPM packages in the JavaScript ecosystem. The attack
projectptixiakis.github.io·1mo ago

Comments
Sign in to join the conversation.
No comments yet. Be the first.