Download pumping: New npm deception technique for supply chain attacks
Learn how attackers exploit automated bot traffic as part of software supply chain attacks to artificially inflate download counters and mask malicious payloads as legitimate.Key takeawaysVolume doesn’t equal trust. Packages with numerous versions and high download counts might seem legitimate, but attackers can easily manipulate those metrics. Attackers exploit automated infrastructure ... Read More
Supply chain attack on Axios npm package: Scope, impact, and remediations
The Axios npm package has been compromised in a supply chain attack that uploaded new versions of the package containing malicious code. Any environment that downloaded these compromised Axios versions is at risk of severe data theft, including the loss of credentials and API keys. Scan your environment now. Key takeawaysThis ... Read More
