Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise

Found 13 hours ago ago at The Register

Popular JavaScript modules including size sensor and echarts for react hit as hijacked account closed GitHub warnings An npm account compromise infected 314 npm packages with malware, including size sensor, echarts for react, timeago.js, and packages scoped to @antv, in a 22 minute burst of activity in the early hours of Tuesday morning. The most popular impacted package is size sensor, downloaded 4.2 million times per month, followed by echarts for react 3.8 million, @antv scale 2.2 million...

Read the full article at The Register

More Developer News

In stunning display of stupid, secret CISA credentials found in public GitHub repo

Found 8 hours ago at Arstechnica

America's top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens â and incredibly obvious filenames

Found 9 hours ago at The Register

Airbus gets HPC-as-a-service supercomputer from Bull

Found 11 hours ago at The Register

Broadcom finds a VMware customer willing to stick around: London Stock Exchange

Found 13 hours ago at The Register

Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise

Found 13 hours ago at The Register

Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise

In stunning display of stupid, secret CISA credentials found in public GitHub repo

America's top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens â and incredibly obvious filenames

Airbus gets HPC-as-a-service supercomputer from Bull

Broadcom finds a VMware customer willing to stick around: London Stock Exchange

Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise

America's top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens â and incredibly obvious filenames