critical
advisory
Compromised OpenSearch Pre-Release npm Packages in Supply Chain Attack
2 rules, 1 TTP
Multiple npm and PyPI packages, including OpenSearch pre-release packages, were compromised in a supply chain attack, potentially leading to arbitrary code execution on developer or user systems.
OpenSearch +2
supply-chain-compromise
npm
pypi
high
advisory
CanisterSprawl: Self-Propagating npm Malware Campaign
2 rules, 6 TTPs
The CanisterSprawl malware campaign targets npm packages, using a self-propagating approach to steal sensitive data from developer machines, including tokens and API keys, and attempting to publish malicious packages using hijacked credentials.
npm packages
supply-chain
malware
npm