Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.
Between April 21 and 23, 2026, three coordinated supply chain campaigns targeted npm, PyPI, and Docker Hub, aiming to steal developer and CI/CD credentials. The incidents included a trojanized ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results