Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
GitHub

SECURITY: @redhat-cloud-services packages compromised — malicious preinstall payload (credential stealer / worm) #493

Audit the GitHub Actions release workflow for tampering. Check sibling @redhat-cloud-services/* packages for the same preinstall + index.js size anomaly (likely same compromised pipeline). Advisory ...
GitHub

hxu296/leetcode-company-wise-problems-2022

Customer stories Events & webinars Ebooks & reports Business insights GitHub Skills ...