Tag: package registry malware

North Korea Expands the Reach of PolinRider Supply Chain Attack Campaign
The North Korean-sponsored threat groups behind the long-running fake interview scams targeting developers are expanding the PolinRider supply chain campaign that has escalated over the past several months. Reports from cybersecurity vendors ...

How GitHub Plans to Secure npm After Recent Supply Chain Attacks
GitHub strengthens npm security after Shai-Hulud worm attack with mandatory 2FA, granular tokens, and trusted publishing to protect the open source supply chain ...

