Tag: cache poisoning
2 articles

Shai-Hulud worm infects another npm package
A copycat of the notorious Shai-Hulud worm has struck again, infecting another npm package by exploiting a GitHub Actions misconfiguration. This latest attack follows a similar pattern that recently prompted TanStack to rethink its approach to accepting outside code contributions.

TanStack npm packages compromised in cache-poisoning attack
Malicious attackers have launched a lightning-fast cache-poisoning attack on TanStack npm packages, flooding the supply chain with 84 tainted versions loaded with credential theft and disk-wiping code. This six-minute blitz highlights the vulnerability of software supply chains to swift and devastating strikes.