A security firm reveals that over 120 malicious packages have been stealing developer credentials since August, exploiting a security 'blind spot' in NPM.
Analysis of the EtherHiding technique: The next generation of 'bulletproof' malware hosting that leverages blockchain immutability and anonymity to evade detection and takedown.
After the Shai-Hulud worm attack, GitHub announces major npm changes: Trusted Publishing, mandatory 2FA, and the end of legacy tokens.