Infosecurity-magazine.com

Malicious npm Packages Exploit Ethereum Smart Contracts

A malicious campaign targeting developers through npm and GitHub repositories has been uncovered, featuring an unusual method of using Ethereum smart contracts to conceal command-and-control (C2) ...
InfoWorld

Sonatype warns of 18,000 open source malware packages

A proliferation of open source malware, or malicious open source packages, poses unprecedented risk in the form of software supply chain attacks, the company said. Open source malware is intentionally ...