BattleRemote3157
-
@redhat-cloud-services publish pipeline is compromised today and shipped a signed, trusted, malicious npm package
Posted by BattleRemote3157@reddit | programming | 60 comments
-
Someone hid a full RAT inside a fake npm package and exfiltrated victim data to HuggingFace
Posted by BattleRemote3157@reddit | programming | 101 comments
-
Mass GitHub repo backdooring via CI workflows (Megalodon)
Posted by BattleRemote3157@reddit | programming | 8 comments
-
314 npm packages just got compromised, 271 @antv, echarts-for-react, size-sensor, timeago.js
Posted by BattleRemote3157@reddit | programming | 186 comments
-
Mass npm Supply Chain Attack Hits TanStack, Mistral AI, and 170+ Packages
Posted by BattleRemote3157@reddit | programming | 125 comments
-
Mass npm Supply Chain Attack Hits TanStack, Mistral AI, and 170+ Packages
Posted by BattleRemote3157@reddit | programming | 1 comment
-
Someone compromised SAP's npm packages and used the CI pipeline against itself
Posted by BattleRemote3157@reddit | programming | 15 comments
-
axios 1.14.1 and 0.30.4 on npm are compromised - dependency injection via stolen maintainer account
Posted by BattleRemote3157@reddit | programming | 85 comments
-
Scanning your codebase for AI SDK usage the same way you scan for vulnerable dependencies
Posted by BattleRemote3157@reddit | programming | 1 comment
-
Dependency cooldown using the publish age as a signal for package resolution
Posted by BattleRemote3157@reddit | programming | 9 comments
-
@fairwords npm packages compromised by a self-propagating credential worm - steals tokens, infects other packages you own, then crosses to PyPI
Posted by BattleRemote3157@reddit | programming | 32 comments
-
Someone is actively publishing malicious packages targeting the Strapi plugin ecosystem right now
Posted by BattleRemote3157@reddit | programming | 36 comments
-
Using CEL's now() to enforce dependency cooldown periods - block packages published in the last N hours
Posted by BattleRemote3157@reddit | programming | 15 comments
-
What happened in March 2026
Posted by BattleRemote3157@reddit | programming | 0 comments
-
Claude source code got leaked
Posted by BattleRemote3157@reddit | programming | 1 comment
-
Heard about recent Telnyx supply chain attack?
Posted by BattleRemote3157@reddit | programming | 1 comment