Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets

The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM ...

Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub

Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in ...
CSOonline

North Korea’s ‘Job Test’ trap upgrades to JSON malware dropboxes

North Korea-linked Contagious Interview campaign is now luring developers with trojanized coding tasks and pulling obfuscated payloads from public JSON-storage services like JSON Keeper, JSONSilo, and ...