#package-ecosystems

[ follow ]
#supply-chain-attacks #malware-worms #cicd-pipeline-compromise #github-actions #dependency-scanning
#supply-chain-attacks
fromInfoWorld
1 day ago
Information security

Mistral AI SDK, TanStack Router hit in npm software supply chain attack

Automated Mini Shai-Hulud worm attacks rapidly spread through package ecosystems on May 11 by hijacking release pipelines via pull_request_target and maintainer misconfigurations.
fromTheregister
7 months ago
Information security

Socket will block it with free malicious package firewall

Socket released Socket Firewall Free, a free CLI that blocks malicious dependencies at install time across npm, yarn, pnpm, pip, uv, and cargo.
Information security
fromInfoWorld
1 day ago

Mistral AI SDK, TanStack Router hit in npm software supply chain attack

Automated Mini Shai-Hulud worm attacks rapidly spread through package ecosystems on May 11 by hijacking release pipelines via pull_request_target and maintainer misconfigurations.
more#supply-chain-attacks
[ Load more ]