https://www.csoonline.com/article/4088529/malicious-npm-package-sneaks-into-github-actions-builds.html
Malicious npm package sneaks into GitHub Actions builds | CSO Online
Nov 12, 2025 - The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious artifacts under GitHub’s own...
malicious npm packagesneaks
https://securelist.com/adaptixc2-agent-found-in-an-npm-package/117784/
Malicious package with AdaptixC2 framework agent found in npm registry | Securelist
malicious packagenpm registry
https://www.bleepingcomputer.com/news/security/malicious-npm-package-steals-whatsapp-accounts-and-messages/
Malicious npm package steals WhatsApp accounts and messages
A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal WhatsApp messages, collect contacts,...
malicious npm packagesteals
https://www.infoworld.com/article/4088533/malicious-npm-package-sneaks-into-github-actions-builds-2.html
Malicious npm package sneaks into GitHub Actions builds | InfoWorld
Nov 12, 2025 - The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious artifacts under GitHub’s own...
malicious npm packagesneaks