https://zdrojak.cz/zpravicky/axios-kompromitovany-na-npm-supply-chain-utok/
Axios compromised on npm (supply chain attack) - Zdroják
The popular axios library was briefly compromised on npm. The attacker gained access to a maintainer account and published malicious versions: axios@1.14.1
https://www.sygnia.co/threat-reports-and-advisories/npm-supply-chain-attack-september-2025/
16 Minutes to Impact: npm Supply Chain Abuse Deploys crypto-draining malware - Sygnia
Sep 11, 2025 - A targeted supply chain compromise of an open-source node package manager (npm) resulted in malicious updates to widely used packages, enabling cryptocurrency...
https://blog.chainsafe.io/defending-lodestar/
Defending Lodestar Against NPM Supply Chain Attacks
May 8, 2026 - How Lodestar secures hundreds of thousands of staked ETH with TypeScript.
https://blog.cyberdesserts.com/axios-npm-supply-chain-attack/
Axios NPM Supply Chain Attack 2026: IOCs and Remediation
Apr 16, 2026 - Axios 1.14.1 and 0.30.4 deployed a North Korean RAT on March 31 2026. Lockfile check, IOCs, and remediation steps for exposed environments.
https://www.picussecurity.com/resource/blog/axios-npm-supply-chain-attack-cross-platform-rat-delivery-via-compromised-maintainer-credentials
Axios npm Supply Chain Attack: Cross-Platform RAT Delivery via Compromised Maintainer Credentials
Apr 1, 2026 - Axios supply chain attack delivers cross-platform RAT via compromised npm credentials. Learn impact, attack flow, and urgent response steps.
https://cyberpress.org/pnpm-blocks-supply-attacks/
pnpm 11 Targets npm Supply Chain Threats With Minimum Release Age Safeguard
May 5, 2026 - The release of pnpm 11 marks a major shift in how JavaScript ecosystems handle supply chain security. Moving beyond simple dependency.
https://tldr.tech/infosec/2026-05-04
SAP npm Supply Chain ⛓️, GPT-5.5 Cyber Eval 🤖, Google Adjusts Bounties 🔍
https://threatbook.io/blog/lazarus-group-poisons-axios-inside-the-npm-supply-chain-attack
Lazarus Group Poisons Axios: Inside the npm Supply Chain Attack
Mar 31, 2026 - ThreatBook attributes the recent Axios npm supply chain attack to the Lazarus Group, detailing the malicious payloads and their impact on users across...
https://sandboxscanner.com/
SandboxScanner — npm Supply Chain Threat Detection
Scan any npm package for supply chain attacks without installing it. Static analysis + sandboxed execution in isolated Cloudflare Dynamic Workers.
https://www.theregister.com/security/2026/04/22/another-npm-supply-chain-worm-hits-dev-environments/5220989
Another npm supply chain worm hits dev environments
Apr 22, 2026 - Plus, the payload references 'TeamPCP/LiteLLM method'
https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/
Our plan for a more secure npm supply chain - The GitHub Blog
Sep 23, 2025 - GitHub is strengthening npm's security with stricter authentication, granular tokens, and enhanced trusted publishing.
https://thehackernews.com/2026/03/axios-supply-chain-attack-pushes-cross.html
Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account
Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying cross-platform RAT malware.
https://www.trendmicro.com/en_us/research/26/c/axios-npm-package-compromised.html
Axios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly...
https://securityaffairs.com/191215/malware/checkmarx-supply-chain-attack-impacts-bitwarden-npm-distribution-path.html
Checkmarx supply chain attack impacts Bitwarden npm distribution path
Apr 25, 2026 - Bitwarden CLI hit by the Checkmarx supply chain attack. Version 2026.4.0 shipped malicious code in bw1.js via a compromised GitHub Action.
https://safedep.io/pmg-dependency-cooldown/
PMG dependency cooldown: wait on fresh npm versions - Real-time Open Source Software Supply Chain...
PMG dependency cooldown filters freshly published npm versions during install. What PMG does, how cooldown works, proxy mode, config.yml, and the CLI skip flag.
https://www.koi.ai/blog/axios-compromised-a-supply-chain-attack-on-npms-most-popular-http-client
axios Compromised: A Supply Chain Attack on npm's Most Popular HTTP Client
https://riskprofiler.io/blog/axios-npm-compromise-why-cisos-must-rethink-supply-chain-risk
Axios npm Compromise: Why CISOs Must Rethink Supply Chain Risk - RiskProfiler
Axios npm compromise exposes a new era of software supply chain attacks driven by identity hijacking and hidden dependencies. Learn how CISOs can strengthen...
https://nubetia.com/malicious-npm-packages-exploit-ethereum-smart-contracts-in-supply-chain-attack/
Malicious npm Packages Exploit Ethereum Smart Contracts in Supply Chain Attack - Nubetia
Sep 3, 2025 - A new malicious campaign has been uncovered targeting developers through npm packages and GitHub repositories, leveraging an unusual tactic: hiding...