Sources
StepSecurity

StepSecurity

Related tags:

#npm #cicd #cyber #secrets-management #security #github-actions

Posts about npm Posts about cicd Posts about cyber Posts about secrets-management Posts about security Posts about github-actions

Shai-Hulud: Here We Go Again. Mass npm Supply Chain Attack Hits the AntV Ecosystem Compromised atool npm Account Delivers CI/CD Credential Stealer Across 24 Packages (echarts-for-react package, timeago.js)actions-cool/issues-helper GitHub Action Compromised: All Tags Point to Imposter Commit That Exfiltrates CI/CD Credentials Nx Console VS Code Extension Compromised Introducing Secure Registry: install-time defense for the npm supply chain Active Supply Chain Attack: Malicious node-ipc Versions Published to npm Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Hits the npm Ecosystem Shai-Hulud Strikes TanStack: A Supply Chain Attack Targeting Millions of React Developers TanStack npm Packages Compromised Shai-Hulud Worm Pivots to Multi-Cloud: intercom-client@7.0.4 Hijacked — 361,000 Weekly Downloads, AWS, GCP, and Azure Credentials Now in Scope

All posts from StepSecurity