In Operation Muck and Load, over 200 GitHub repositories serve a Go module that leads to Windows malware infections.
geobr is a computational package to download official spatial data sets of Brazil. The package covers a wide range of spatial data sets, available at various geographic scales and for various years ...
According to Socket, malicious payment SDK packages on npm and PyPI are harvesting developer credentials and CI/CD ...
Malicious packages on the Node Package Manager (npm) and the Python Package Index (PyPI) delivered stealer malware to ...
Excel is everywhere—more than 750 million people open a workbook each year to balance budgets, fine-tune supply chains, and ...
The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.