A massive security breach occurred in the npm ecosystem as attackers bypassed trust signals to distribute malicious code, while law enforcement successfully compromised a VPN used for criminal anonymity.
Jason··2 min read
The hacking group TeamPCP has compromised npm repositories by stealing maintainer credentials, effectively bypassing provenance verification. This highlights critical vulnerabilities in the human-centric security model of open-source supply chains.
Kenji··2 min read
A hacker group, TeamPCP, stole maintainer accounts to publish over 600 malicious npm packages that bypassed Sigstore verification. This highlights major logic vulnerabilities in digital signatures and open-source supply chain risks.
Kenji··2 min read
Attackers compromised the maintainer's token for the popular Axios library to distribute a remote access trojan. Given its integration in 80% of cloud environments, the breach poses a significant supply chain threat.
Kenji··1 min read
The popular axios npm library was compromised by hackers who injected a cross-platform trojan, affecting millions of cloud and code environments. Experts warn enterprises to urgently audit their dependencies and tighten supply chain security.
Kenji··1 min read
The popular open-source library axios was compromised via a stolen maintenance token, planting a RAT. The incident underscores the systemic risks in software supply chains, urging organizations to strengthen identity and dependency management.
Kenji··2 min read
The widely-used Axios library was compromised when an attacker stole a maintainer's npm token, pushing malicious versions containing a remote access trojan. The incident underscores the severe risks inherent in modern software supply chain trust.
Kenji··2 min read