A threat actor has targeted the Strapi ecosystem in a fresh supply chain attack involving 36 malicious NPM packages, according to supply chain security firm SafeDep. An open source headless CMS built on Node.js, Strapi allows developers to create websites… Read More "Guardarian Users Targeted With Malicious Strapi NPM Packages"
Malicious versions of the highly popular Axios NPM library were distributed to millions in a fresh supply chain attack blamed on North Korean hackers. A promise-based HTTP client that supports asynchronous API requests from Node.js and browsers, Axios is used… Read More "Axios NPM Package Breached in North Korean Supply Chain Attack"
