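npm, the mainstream JavaScript package management platform, hit by supply-chain poisoning attack affecting multiple popular open-source projects
npm platform hit by a supply-chain poisoning attack involving more than 600 malicious versions; developers need to update their tokens and keys immediately.
IT Home, May 25: The National Cybersecurity Notification Center issued a warning today, saying that monitoring has found that npm, the world's mainstream JavaScript package management platform, has been hit by the "Shai-Hulud" supply-chain poisoning attack. The attackers compromised official npm maintainer accounts and mass-published a large number of malicious packages within a short time, involving, across more than 300 independent packages, 60…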
Hackers poison open-source code through a VSCode extension; GitHub hit by a supply-chain attack of unprecedented scale.
GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks.
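Starting from a single malicious VS Code extension: uncovering the supply-chain attack chain behind the leak of 3,800 internal GitHub repositories, a security warning every developer should read.
Malicious VSCode extension leads to the compromise of 3,800 GitHub repositories; the supply-chain security alarm sounds again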
Previous thread in sequence: GitHub is investigating unauthorized access to their internal repositories - https://news.ycombinator.com/item?id=4820131…
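GitHub confirms 3,800 internal repositories were stolen through a poisoned VS Code extension; a supply-chain worm targeting Microsoft's Python SDK is spreading.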
GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal reposit…
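npm ecosystem hit by a large-scale supply-chain attack: 317 packages were implanted with malicious code within 22 minutes, affecting millions of monthly downloads.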
Article URL: https://safedep.io/mini-shai-hulud-strikes-again-314-npm-packages-compromised/ Comments URL: https://news.ycombinator.com/item?id=4818936…
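Dozens of popular open-source packages hit by supply-chain attacks; hackers keep poisoning packages, and developers need to be alert to dependency risk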
The attacks are part of a wider campaign known as Mini Shai-Hulud, which has already compromised several open source projects and, in turn, developers…
Four AI supply-chain attacks in 50 days expose fatal flaws, never covered by red teams, in the release pipelines of OpenAI, Anthropic and Meta.
Four supply-chain incidents hit OpenAI, Anthropic and Meta in 50 days: three adversary-driven attacks and one self-inflicted packaging failure. None t…
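Nx package hit by a supply-chain attack that steals developer credentials; Vercel is secure by default; check affected environments immediately.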
Threat actors published modified versions of the Nx package and some of its supporting libraries to the npm registry with the goal of exfiltrating dev…
OpenAI responds to the Axios supply-chain attack: code-signing certificates have been rotated and apps updated; user data was not affected.
OpenAI responds to the Axios supply chain attack by rotating macOS code signing certificates, updating apps, and confirming no user data was compromis…
A classic satirical format used to mock npm supply-chain attacks, exposing the absurd reality of dependency hell in the JavaScript ecosystem
Article URL: https://kevinpatel.xyz/posts/no-way-to-prevent-this/ Comments URL: https://news.ycombinator.com/item?id=48155690 Points: 376 # Comments: …