Researchers identified a new attack vector, "Shadow Resources," enabling resource squatting through predictable S3 bucket naming conventions.
By leveraging "Bucket Monopoly," an attacker can significantly...
Malicious actors published to the npm registry seemingly legitimate packages that contained malicious code hidden within image files. The code was executed during installation...
Malicious actors are increasingly targeting open-source public repositories with malware cloaked in legitimate packages; the malware frequently steals sensitive data or downloads more malware.
Security researchers...
Malicious actors are exploiting the popularity of open-source projects by publishing over 250 booby-trapped npm packages, which masquerade as legitimate offerings from companies like...