AsyncAPI npm Packages With 2M Weekly Downloads Compromised via GitHub Actions

A supply chain compromise has placed AsyncAPI npm packages at the center of a developer security incident. Five trojanized releases, with roughly 2.9 million combined weekly downloads, were published after an attacker gained access to an npm publishing token. The incident creates risk for development workstations, build servers, and environments that loaded the affected modules. […]

The post AsyncAPI npm Packages With 2M Weekly Downloads Compromised via GitHub Actions appeared first on Cyber Security News.

This article has been indexed from Cyber Security News

Read the original article: