Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...
Bad actors using typo-squatting place 39 malicious packages in npm that went undetected for two weeks. How should the open source community respond? Software development relies heavily on trust, ...
The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...