CPO Magazine

North Korean Hackers Target Developers with Nearly 200 Malicious NPM Packages in “Contagious Interview” Hacking Campaign

North Korean hackers intensify their efforts against blockchain and Web3 developers, using nearly 200 malicious npm packages ...
GitHub

Azure DevOps npm auth

Simply set up user authentication to Azure DevOps npm feeds, optionally using the Azure CLI for Personal Access Token (PAT) acquisition. If you would like to acquire a PAT token manually and supply it ...
GovInfoSecurity

Breach Roundup: React Flaw Incites Supply Chain Risk

This week, the React flaw, a belated Windows fix, Defense Secretary Pete Hegseth's Signal group posed operational risk, more ...
The Hacker News

ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More Stories

Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, ...
InfoWorld

A proactive defense against npm supply chain attacks

Supply chain risk is unavoidable, but not unmanageable. Proactively prevent supply chain attacks by embedding YARA into ...

Shai-Hulud 2.0 Credential Leak Hits Zapier, PostHog and Postman — User Data At Risk

Hulud 2.0,' has created a severe supply chain crisis, compromising key platforms like Zapier, PostHog, and Postman.

Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets

The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM ...
Dark Reading

DPRK's 'Contagious Interview' Spawns Malicious Npm Package Factory

North Korean attackers have delivered more than 197 malicious packages as part of ongoing state-sponsored activity to ...
The Hacker News

Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools

Malicious npm package mimics an ESLint plugin, embeds an AI-tricking prompt, and steals environment variables via a ...

Glassworm returns once again with a third round of VS code attacks

The Visual Studio Marketplace and the Open VSX Registry users are targeted once again with infostealing malware.

Glassworm malware returns in third wave of malicious VS Code packages

The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms.