DevTools Feed

Code snippet of malicious strapi-plugin-events npm package exfiltrating credentials

Strapi Plugin or Trojan Horse? Malicious npm Packs That Steal Your Secrets

Ever wonder if that shiny new Strapi plugin is secretly phoning home with your database creds? One dev team's nightmare is now live on npm.

3 min read 3 days, 6 hours ago

Warning sign over axios NPM package with cracked lock icon

Databases & Backend

Axios Maintainer Hacked: NPM's Latest Supply Chain Nightmare

Two axios versions went rogue on npm, slipping in a trojan that phones home to hackers. Your dev machine could be compromised—here's the acerbic truth behind the breach.

3 min read 4 days, 7 hours ago

Compromised Trivy Docker image tags on Docker Hub with malware warning overlay

Databases & Backend

Trivy Hack: How Attackers Hijacked Docker's Trusted Tags

Threat actors turned a popular vuln scanner into a credential thief. Docker Hub users: check your logs yesterday.

4 min read 4 days, 8 hours ago

#supply chain attack

Strapi Plugin or Trojan Horse? Malicious npm Packs That Steal Your Secrets

Axios Maintainer Hacked: NPM's Latest Supply Chain Nightmare

Trivy Hack: How Attackers Hijacked Docker's Trusted Tags

Stay in the loop