Techzine Europe

Microsoft gives guidance on Shai-Hulud 2.0 supply chain attack

The return of the Shai-Hulud supply chain attack was dubbed 'The Second Coming' shortly after the first warning about it on ...
Cybernews

Microsoft urges users to change passwords, as the Dune-inspired worm hits again

A new Shai-Hulud 2.0 worm is attacking the software supply chain, compromising npm packages, CI/CD systems, and harvesting ...
InfoWorld

Did your npm pipeline break today? Check your ‘classic’ tokens

A spate of supply chain attacks forces GitHub’s npm to revoke ‘classic’ tokens. Despite this, larger worries about developer ...
CSOonline

Prettier-ESLint npm packages hijacked in a sophisticated supply chain attack

Popular configuration packages for integrating Prettier with ESLint, the widely used code formatting tools within JavaScript and TypeScript projects, were hijacked after a maintainer fell victim to a ...
GIGAZINE

Unauthorized access to dozens of private repositories including 'npm' occurred on GitHub, what is the damage situation and countermeasures?

The GitHub security team discovered unauthorized access to npm's private repository on April 12, 2022. As a result of investigating the cause of unauthorized access, access tokens to private ...