The Miasma malware campaign has claimed another victim, poisoning more than 20 versions of legitimate npm packages used by the Leo Platform and RStreams ecosystems as its operators continue refining ...
Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family that has compromised a new set of npm packages, ...
As many as 145 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have ...
Microsoft’s monthly update included 206 fixes for flaws in everything from Windows to Office to Exchange Server, not to mention three zero-days.
depx is a fast, passive supply-chain intelligence CLI. It tells you whether a package is known malicious (hijacked publishes, credential stealers, install-script backdoors) by matching against OpenSSF ...