TechSecInfo

The tech + cyber briefing: what happened, why it matters, and where it came from.

Cyber Security

Researchers Detect Malicious npm Package Targeting GitHub-Owned Repositories

By rooter

Cybersecurity researchers have discovered a malicious npm package named “@acitons/artifact” that typosquats the legitimate “@actions/artifact” package with the intent to target GitHub-owned repositories.
“We think the intent was to have this script execute during a build of a GitHub-owned repository, exfiltrate the tokens available to the build environment, and then use those tokens to publish

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

By rooter

Related Post

Cyber Security

Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits

rooter
Cyber Security

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

rooter
Cyber Security

China Upgrades the Backdoor It Uses to Spy on Telcos Globally

rooter

Leave a Reply

You Missed

News

Playing Wolfenstein 3D with one hand in 2026

News

With new plugins feature, OpenAI officially takes Codex beyond coding

News

Outbreak linked to raw cheese grows; 9 cases total, one with kidney failure

News

The European Commission confirmed a cyberattack affecting part of its cloud systems