TensorFlow.js Typosquatting Attack: Malicious Package Targeting AI/ML Developers
A malicious NPM package targeting TensorFlow users was discovered on npm. The package uses typosquatting to target the popular `tensorflow` package.
Read the full article11mo ago
You might also wanna read

What is typosquatting and how typosquatting attacks are responsible for malicious modules in npm
Snyk·5y ago
Attackers Move Past Typosquatting to Realistic Package Impersonation
Most malicious open source packages now mimic real code rather than rely on typosquatting
Infosecurity Magazine - Information Security & IT Security News and Resources·1mo ago
AI-Generated npm Package Leaks Its Own GitHub Token, Exposing Malware Operator
Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator
AI-Generated npm Package Leaks Its Own GitHub Token, Exposing Malware Operator
Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator

Snyk finds 200+ malicious npm packages, including Cobalt Strike dependency confusion attacks
Snyk recently discovered overt 200 malicious packages in the npm registry. While we acknowledge that vulnerability fatigue is an issue for d
Snyk·4y ago

What is Slopsquatting? The AI Package Hallucination Attack Already Happening
AI models hallucinate npm package names. Attackers register them first. Here's what slopsquatting is, how it's spreading through agent skill
aikido.dev·4mo ago
npm malware targeting Claude users leaks own GitHub token, reaches 676 downloads
Script kiddies these days

Comments
Sign in to join the conversation.
No comments yet. Be the first.