Information security
fromnews.bitcoin.com
9 hours agoGitHub Worm Hits npm Packages With 16M Downloads
A GitHub Actions cache poisoning attack enabled malicious npm packages to pass provenance checks, while a dead-man’s switch wipes developer machines if the npm token is revoked.