A widely used open-source PyPI package, elementary-data, was compromised in a targeted attack that inserted infostealer malware via a GitHub Actions vulnerability. The malicious update, version 0.23.3 ...
3hon MSN
Top open source PyPI package with over 1 million downloads each month hacked to send out malware
This was not a case of stolen credentials, but rather of vulnerability exploitation.
A previously unknown threat group using tried-and-tested social engineering tactics - Microsoft Teams chat invitations and ...
Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results