On Friday, November 7th, Veracode Threat Research discovered a dangerous typosquatting campaign targeting developers using GitHub Actions. The malicious npm package >>@acitons/artifact<< had accumulated over 206,000 downloads before being removed, posing a significant threat to GitHub-owned repositories and potentially compromising sensitive authentication tokens. The malicious package mimicked the legitimate >>@actions/artifact<< npm package, which is part [...] The post Malicious npm Package with 206K Downloads Targeting GitHub Repositories to Steal Tokens appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform. First seen on gbhackers.com Jump to article: gbhackers.com/malicious-npm-package/
