Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
CU Boulder News & Events

Center for Astrophysics and Space Astronomy - CASA

The Center for Astrophysics and Space Astronomy (CASA) is dedicated to advancing our understanding of the Universe in which we live through observations, theory, and the development of ground-based ...
Microsoft

Typosquatted npm packages used to steal cloud and CI/CD secrets

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...