Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
Malicious npm packages mimicking Rollup polyfill tooling steal browser data, crypto wallets, and AI tool credentials in a Lazarus-linked campaign.
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Software developers often rely on open-source repositories to speed-up development, integrate new features, and build cloud-based applications. The trust placed in these repositories is critical to ...
Modern software development requires reliable automation for building, testing, validating, and deploying applications. Manual deployment processes often introduce delays, inconsistencies, and ...
AI-powered medical imaging system for multi-disease chest X-ray detection,built with EfficientNet deep learning, a FastAPI backend, and an interactive Streamlit dashboard. Deployed on Render for ...
A variant of the infamous Shai-Hulud worm wreaked havoc on Microsoft's code repositories, triggering disruptions to CI/CD workflows and heightening concerns about increasing software supply chain ...
The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the ...
Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud supply-chain attack that delivered malware designed to steal developer secrets.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results