News

Krebs on Security23h

18 Popular Code Packages Hacked, Rigged to Steal Crypto

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...
Cloud Security Alliance9h

API Security in the AI Era

Learn how AI-driven APIs reshape threat models and discover actionable security practices to protect data and prevent ...

This 2FA phishing scam pwned a developer - and endangered billions of npm downloads

A new digital supply chain attack has targeted popular open-source npm packages with at least two billion downloads per week. On Sept. 8, Josh Junon, a package maintainer whose account was at the ...
Infosecurity Magazine10h

Open Source Community Thwarts Massive npm Supply Chain Attack

What could have been a historic supply chain attack seems to have been averted due to the rapid response of the open source ...