In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after compromising a maintainer's account in a phishing attack.| BleepingComputer
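Articles Tech The Woes of ToB SaaS Services - Jiajun's Tech Notes Multi-cloud: the complexity between clouds cannot be fully abstracted away, so there are more configuration options. Many customers don't want to use the public cloud; to make money you also have to offer a private cloud deployment, and on a private cloud debugging is really hard. The three major cloud vendors' products are broadly similar but differ in all sorts of ways, so there is too much to know and too many details; if you also have to integrate smaller clouds, it gets even more complex. Why does [[SaaS]] still have to make the customer aware of which...| Yiran's Blog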
Threat actors injected malicious code into multiple popular NPM packages after their maintainers fell for a well-crafted phishing email.| SecurityWeek
Disaster was averted after widely used open-source packages were compromised via social engineering.| CyberScoop
On Sept 8, a maintainer’s npm account was phished and attackers pushed malicious updates to 18 popular packages (including chalk and debug). The payload targeted browser environments and could hijack Web3 wallet interactions. Collectively, the impacted packages see billions of weekly downloads, so even short-lived exposure has a big blast radius.| IPConfig.in - What is My IP Address?
That NPM attack could have been so much worse.| xeiaso.net