infoworld.com

AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks (opens in new tab)

Covers 2 stories See all stories this covers including Mini Shai-Hulud strikes again: npm worm compromises hundreds of @antv packagesCovered by kite.kagi.com, csoonline.com

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, this time targeting the widely-used AntV enterprise data visualization tool. Unlike last week’s high-profile npm attack on TanStack, which exploited a complex GitHub Actions cache poisoning weakness, the latest incident early on May 19 took the more conventional route of compromising the credentials of a high-value npm maintainer account. According to analysis by SafeDep, ...

Read the original article
Sign in to keep reading the full article.
Sign UpLog In

Covered in 3 articles

csoonline.com·

GitHub admits major source code leak after 3,800 internal repositories breached

Feeds
csoonline.com·

AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks

Feeds

In other languages

kite.kagi.com·

Mini Shai-Hulud 웜, 수백 개의 npm 패키지 감염

Feeds

Keyboard Shortcuts

Navigation

Next / previous post
j/k
Open post
oorEnter
Preview post
v

Post Actions

Love post
a
Like post
l
Dislike post
d
Undo reaction
u
Save / unsave
s

Recommendations

Add interest / feed
Enter
Not interested
x

Go to

Home
gh
Interests
gi
Feeds
gf
Likes
gl
History
gy
Changelog
gc
Settings
gs
Discover
gb
Search
/

General

Show this help
?
Submit feedback
!
Close modal / unfocus
Esc

Press ? anytime to show this help