The tech world is abuzz with the potential of AI and automated development, but this rapid advance is fueling a massive increase in regulatory scrutiny and supply chain risk. While many teams rely on source code scanning, focusing on code alone leaves a critical “malware blind spot” in the software supply chain. Today’s applications are …
The Breach: A High-Impact Compromise JounQin’s npm account, the maintainer of popular packages such as eslint-config-prettier, was compromised in a phishing attack. The attackers used the breached credentials to publish six malicious versions of eslint-config-prettier, along with three additional infected packages tied to the same account. In total, the compromised packages see roughly 78 million …
Software package hijacking has become a prominent concern for individuals, businesses, and the cybersecurity community at large. We’ve seen this new threat trend rise over the past couple of years, with the potential to severely impact the software supply chain by attackers exploiting software packages to execute malicious code. This blog post details a case …
