Unpacking the AsyncAPI npm supply chain compromise and import-time payload delivery
Threat actors compromised AsyncAPI packages and weaponized trusted CI/CD workflows to distribute malware through npm.
Security
Supply chain attacks target software developers and suppliers with the goal of accessing source codes, building processes, or updating mechanisms. Explore how attackers exploit weaknesses to compromise trusted systems and distribute malicious code.