Malicious npm Package with 206K Downloads Targeting GitHub Repositories to Steal Tokens

On Friday, November 7th, Veracode Threat Research discovered a dangerous typosquatting campaign targeting developers using GitHub Actions. The malicious npm package “@acitons/artifact” had accumulated over 206,000 downloads before being removed, posing a significant threat to GitHub-owned repositories and potentially compromising sensitive authentication tokens. The malicious package mimicked the legitimate “@actions/artifact” npm package, which is part […]

The post Malicious npm Package with 206K Downloads Targeting GitHub Repositories to Steal Tokens appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
