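AI Summary
A supply-chain attack targeting the npm ecosystem is expanding rapidly and has moved beyond the initial TanStack and Mistral scope. The attack currently involves 373 malicious package versions under 169 package names, including uipath, squawk and others. The malware spreads by stealing users' continuous integration (CI) credentials and using those credentials to publish new infected versions. Security company Aikido has published the full indicators of compromise, the list of affected packages and detection steps.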
What timing. I just talked to Aikido's co-founder and talked about the rise of attacks due to AI.
Well: here we are. Video down below:
Update 5:05 PT: The attack has now expanded well beyond @TanStack and @Mistral. 373 malicious package-version entries across 169 npm package names, including @u...