Tag: dependency scanning
4 articles

malicious npm packages: Stunning Critical Threat Revealed
Researchers uncovered Beamglea — 175 malicious npm packages downloaded about 26,000 times — that quietly hosted credential‑harvesting phishing campaigns against 135+ organizations, a stark reminder that the convenience of open-source packages can become a gateway for large‑scale theft.

npm packages Must-Have Defense Against Risky Attacks
Attackers briefly pushed trojanized npm releases that spread fast through the cloud, mined only pennies, and left security teams scrambling to contain and remediate. It’s a wake‑up call: package convenience comes with real supply‑chain risk, so tighten controls, pin dependencies, and treat dependencies as first‑class security assets.

supply chain attack: Stunning Near-Miss, Risky Lessons
A fast, coordinated open‑source response helped avert what could have been a massive npm supply‑chain breach, but the near miss raises urgent questions for developers, maintainers and policymakers about dependency hygiene, registry controls and long‑term resilience.

Malware-as-a-Service: Exclusive Risky Threat Alert
Malware-as-a-Service is now using GitHub to quietly deliver Amadey payloads, turning trusted code into attack paths—now’s the time for teams to harden supply-chain checks, vet dependencies, and lock down CI/CD pipelines.