Destination
Npm package with millions of downloads is at risk from malware hijacking

Hackers were deploying malware through a popular npm package for six hours. [...]

Rating

Innovation

Pricing

Technology

Usability

We have discovered similar tools to what you are looking for. Check out our suggestions for similar AI tools.

venturebeat
Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a [...]

Match Score: 387.18

venturebeat
Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

Any development environment that installed or imported one of the 172 compromised npm or PyPI packages published since May 11 should be treated as potentially compromised. On affected developer workst [...]

Match Score: 336.11

venturebeat
Valid certificates, stolen accounts: how attackers broke npm's last trust signal

On May 19, 633 malicious npm package versions passed Sigstore provenance verification. They were cleared by the system because the attacker had generated valid signing certificates from a compromised [...]

Match Score: 148.47

venturebeat
Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering

Four supply-chain incidents hit OpenAI, Anthropic and Meta in 50 days: three adversary-driven attacks and one self-inflicted packaging failure. None targeted the model, and all four exposed the same g [...]

Match Score: 134.88

venturebeat
MCP stacks have a 92% exploit probability: How 10 plugins became enterprise security's biggest blind spot

The same connectivity that made Anthropic's Model Context Protocol (MCP) the fastest-adopted AI integration standard in 2025 has created enterprise cybersecurity's most dangerous blind spot. [...]

Match Score: 121.78

venturebeat
GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and au [...]

Match Score: 97.86

venturebeat
How recruitment fraud turned cloud IAM into a $2 billion attack surface

A developer gets a LinkedIn message from a recruiter. The role looks legitimate. The coding assessment requires installing a package. That package exfiltrates all cloud credentials from the developerâ [...]

Match Score: 80.17

venturebeat
Claude Code's source code appears to have leaked: here's what we know

Anthropic appears to have accidentally revealed the inner workings of one of its most popular and lucrative AI products, the agentic AI harness Claude Code, to the public.A 59.8 MB JavaScript source m [...]

Match Score: 55.66

venturebeat
Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain

One employee at Vercel adopted an AI tool. One employee at that AI vendor got hit with an infostealer. That combination created a walk-in path to Vercel’s production environments through an OAuth gr [...]

Match Score: 54.65