资讯

A terrifying, self-replicating malwaere has infected npm packages with over 2 million ...

Among the compromised npm packages are those from cybersecurity experts CrowdStrike, as well as others with millions of ...
TestingCatalog

GitHub launches MCP registry to centralize server discovery

What's new? GitHub launched the MCP registry to list MCP servers for Copilot, AI agents and tools; it supports one click ...
SecurityWeek

Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit

Shai-Hulud is the third major supply chain attack targeting the NPM ecosystem after the s1ngularity attack and the recent ...
NewsBytes

Shai-Hulud worm infects 25 npm packages, including CrowdStrike's

CrowdStrike, a cybersecurity company, is grappling with a self-replicating worm named Shai-Hulud that has compromised numerous code packages.
TestingCatalog

Google unveils AP2 open protocol for agent payments

What's new? Google launches agent payments protocol (AP2) on GitHub for cross-platform payments; AP2 uses cryptographic ...
CSO Online

Warning: Hackers have inserted credential-stealing code into some npm libraries

Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel ...
Security Boulevard

Shai-Hulud: A Persistent Secret Leaking Campaign

On September 15, a new supply chain attack was identified that targeted the @ctrl/tinycolor and 150 other NPM packages. The ...