InfoWorld

From typos to takeovers: Inside the industrialization of npm supply chain attacks

A dramatic spike in npm-focused intrusions shows how attackers have shifted from opportunistic typosquatting to systematic, credential-driven supply chain compromises — exploiting CI systems, ...
CSO Online

Malicious npm packages target the n8n automation platform in a supply chain attack

Researchers discovered malicious npm packages posing as n8n integrations, exfiltrating OAuth tokens and API keys from ...
The Hacker News

n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens

Malicious npm packages posing as n8n community nodes were used to steal OAuth tokens by abusing trusted workflow integrations ...
Live Bitcoin News

How a Web3 Founder Fell Victim to The Notorious North Korean “BeaverTail” Malware

Web3 founder Akshit Ostwal lost $20K to North Korea's BeaverTail malware in a sophisticated crypto scam targeting developers.

TuxCare’s Senior Developer Advocate To Speak at CodeMash 2026

PALO ALTO, CA, UNITED STATES, January 8, 2026 /EINPresswire.com/ -- TuxCare, a global innovator in securing open ...

A simple CodeBuild flaw put every AWS environment at risk – and pwned 'the central nervous system of the cloud'

A critical misconfiguration in AWS's CodeBuild service allowed complete takeover of the cloud provider's own GitHub ...
Infosecurity Magazine

DeadLock Ransomware Uses Polygon Smart Contracts For Proxy Rotation

A ransomware operation known as DeadLock has been observed abusing Polygon blockchain smart contracts to manage and rotate ...