A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.
Between April 21 and 23, 2026, three coordinated supply chain campaigns targeted npm, PyPI, and Docker Hub, aiming to steal developer and CI/CD credentials. The incidents included a trojanized ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results