SecurityWeek

OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds

CVE Lite CLI helps developers quickly identify and fix vulnerable npm dependencies during development, reducing delays and ...
Bleeping Computer

New IronWorm malware hits 36 packages in npm supply-chain attack

A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. The malware targets 86 environment variables (key-value pairs) and ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...
The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
theregister

Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise

The most popular impacted package is size-sensor, downloaded 4.2 million times per month, followed by echarts-for-react (3.8 million), @antv/scale (2.2 million) and timeago.js (1.15 million). The ...
Game Rant

How To Fix Warning Crush Depth Hull Damage Imminent In Subnautica 2

Nahda Nabiilah is a writer and editor from Indonesia. She has always loved writing and playing games, so one day she decided to combine the two. Most of the time, writing gaming guides is a blast for ...
Polygon

How to get the depth module tadpole upgrade in Subnautica 2

Getting a depth module in Subnautica 2 increases your tadpole submarine's depth resistance and lets you explore further without having to worry about finding oxygen spots. However, you'll reach the ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...