InfoWorld

From typos to takeovers: Inside the industrialization of npm supply chain attacks

A dramatic spike in npm-focused intrusions shows how attackers have shifted from opportunistic typosquatting to systematic, credential-driven supply chain compromises — exploiting CI systems, ...
CSO Online

Sophisticated VoidLink malware framework targets Linux cloud servers

Check Point researchers have discovered a modular malware framework likely designed by Chinese developers to harvest ...
GitHub

Transform ESM imports to CJS requires when the imported module is pure CJS.

Some packages only provide CJS builds (e.g., typescript, @babel/parser), and importing them using ESM syntax increases Node's cjs-module-lexer overhead. This plugin converts ESM imports to CJS ...
SiliconANGLE

Shai Hulud malware turns developers into unwitting distributors in NPM supply chain attacks

A new report out today from managed detection and response company Expel Inc. details a newly identified variant of the Shai Hulud malware that is demonstrating how software supply chain attacks are ...