Snyk uncovers malicious code activities in open source supply chain security on the npm registry
Source
SnykSnyk uncovers malicious code activities in open source supply chain security on the npm registrysnyk.ioYou might also wanna read
Major NPM Supply Chain Attack: Over 1,000 Packages Infected via Fake Bun Runtime
A major cybersecurity incident occurred where over 1,000 NPM packages and 27,000+ GitHub repositories were infected within hours via a fake
Axios attack: How a compromised npm package delivered RAT malware
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
A threat actor using the alias vpmdhaj published 14 malicious npm packages within four hours, impersonating legitimate OpenSearch, Elasticse
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
A threat actor using the alias vpmdhaj published 14 malicious npm packages within four hours, impersonating legitimate OpenSearch, Elasticse
Supply Chain Attacks on Open-Source Software: Case Study of Malicious Pull Request Attempts
The article discusses recent supply chain attacks on open-source software projects like LiteLLM and axios, with a specific case study of att
Red Hat npm supply chain attack compromises 32 packages with credential-stealing malware
A supply chain attack targeted Red Hat's npm namespace (@redhat-cloud-services), with 96 compromised versions across 32 packages backdoored

September 2025 NPM supply-chain attack compromises popular JavaScript packages
In September 2025, a coordinated software supply-chain attack targeted multiple popular NPM packages in the JavaScript ecosystem. The attack

Comments
Sign in to join the conversation.
No comments yet. Be the first.