Microsoft analyzes the AsyncAPI npm package compromise, saying attackers abused trusted CI/CD workflows and import-time payload delivery to distribute malware through open-source packages in the JavaScript supply chain.
Unpacking the AsyncAPI npm supply chain compromise and import-time payload delivery
Microsoft analyzes the AsyncAPI npm package compromise, saying attackers abused trusted CI/CD workflows and import-time payload delivery to distribute malware through open-source packages in the JavaScript supply chain.
Source: Microsoft