New Malicious npm Package Highlights the Speed at Which Supply Chain Risks Propagate

Tenable Research investigated a malicious package in the npm public registry named “amber-src” that underscores the rapid nature of modern supply chain attacks. The package, which was downloaded ...
Bleeping Computer

Dozens of malicious packages on NPM collect host and network data

60 packages have been discovered in the NPM index that attempt to collect sensitive host and network data and send it to a Discord webhook controlled by the threat actor. According to Socket’s Threat ...
WinBuzzer

WinApp CLI v0.2 Now Supports .NET, Manifest Placeholders, and More

Microsoft has updated Windows App Development CLI to v0.2, adding .NET support, manifest placeholders, and Microsoft Store ...