From Cyber Security News – Malicious npm Package with 206k Downloads Attacking GitHub-Owned Repositories to Exfiltrate Tokens

 On November 7th, security researchers discovered a dangerous malicious npm package called “@acitons/artifact” that had already been downloaded more than 206,000 times. The package was designed to look like the legitimate “@actions/artifact” package used by developers building tools with GitHub Actions. This was a classic typosquatting attack where the attackers swapped the letters to make