theregister

Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise

The most popular impacted package is size-sensor, downloaded 4.2 million times per month, followed by echarts-for-react (3.8 million), @antv/scale (2.2 million) and timeago.js (1.15 million). The ...
GitHub

lirantal/npm-security-best-practices

Context: Shai-Hulud, Nx and other incidents are a growing concern of supply chain security attacks and compromised npm packages. Follow these developer security best practices around npm, package ...
The Hacker News

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years. "NGINX Plus and NGINX ...
cybernews

Hundreds of open-source packages, including TanStack and Mistral, compromised in fresh wave of supply chain attacks

Hundreds of malicious packages are being flagged in NPM and PYPI repositories, including those from TanStack and Mistral, which are hugely popular. A broad hacking campaign is targeting millions of ...