Alex Vance | General news | Fortifying the Software Supply Chain: npm's 2FA-Gated Publishing and Staged Release Controls | npm enhances supply chain security with mandatory 2FA for publishing and staged releases, mitigating package compromise risks.
Alex Vance | General news | Supply Chain & Endpoint Zero-Days: Analyzing Axios npm Compromise & Critical FortiClient EMS Exploits | Deep dive into the Axios npm supply chain compromise and critical FortiClient EMS vulnerabilities, detailing technical impacts and mitigation strategies.
Alex Vance | General news | Supply Chain Alert: 36 Malicious npm Packages Leverage Redis & PostgreSQL for Persistent Implants and Covert Data Exfiltration | 36 malicious npm packages masquerading as Strapi plugins exploit Redis/PostgreSQL for reverse shells, credential harvesting, and persistent implants.
Alex Vance | General news | Malicious npm Package Unmasked: "@openclaw-ai/openclawai" Deploys RAT, Targets macOS Credentials in Supply Chain Attack | Malicious npm package "@openclaw-ai/openclawai" masquerades as an OpenClaw installer, deploying a RAT to steal macOS credentials.
Alex Vance | General news | Shai-Hulud's Shadow: A Deep Dive into the npm Supply Chain Worm Targeting AI Developers | Analysis of the Shai-Hulud-like supply chain worm exploiting npm packages to compromise AI development environments.
Alex Vance | General news | SANDWORM_MODE Unleashed: Malicious npm Packages Steal Crypto Keys, CI Secrets, and API Tokens in a Shai-Hulud-like Supply Chain Attack | Active npm supply chain worm, SANDWORM_MODE, harvests crypto keys, CI secrets, and API tokens, demanding urgent developer vigilance.