Information security
fromtheregister
11 hours agoCache-poisoning caper turns TanStack npm packages toxic
Eighty-four malicious TanStack npm package versions stole credentials, self-propagated, and wiped disks after poisoning GitHub Actions caches and extracting npm OIDC tokens.