Search results for npm
AI & Enterprise
Supply chain security on alert as M&A targets agent security
Security threats targeting the software supply chain are intensifying as AI spreads, with recent incidents involving a tampered Axios NPM package and trojanised installers distributed via the official Daemon Tools website. Concerns are also emerging that automation features in AI coding tools could amplify supply chain risks. Amid growing interest in AI agents, companies are accelerating moves in agent security, including more M&A activity. The article also lists related developments by OpenAI, Anthropic, the White House, Cisco, KT and others.
AI & Enterprise
Supply chain attacks spread, SAP, Intercom and Lightning packages also hit
Software packages widely used by developers, including those related to SAP, Intercom and Lightning, were repeatedly exposed to hacking attacks, The Register reported. The attacks involved malicious hackers embedding malware in official packages downloaded by developers. When installed, the malware automatically ran to steal GitHub account passwords, cloud access keys for AWS and Google Cloud, and database credentials, then encrypt and send the data to external servers.
AI & Enterprise
Tech Insight: Why software supply chains are being breached quickly amid the spread of AI coding
A widely used software package, Axios, was hacked after attackers took over a maintainer account, added a new dependency and shipped an update. The added package installed a tailored remote-access trojan and erased traces, while many security tools failed to flag it. Andreessen Horowitz partners said the case shows software supply-chain risk rising as AI coding spreads. They cited research finding AI agents more often pick vulnerable versions and enable new attacks such as slopsquatting, while detection remains slow in the industry.
AI & Enterprise
Guardian AI agents gain traction amid supply chain security incidents
Industry
Claude Code leak highlights blind spot in memory demand, 'more semiconductors needed'
AI & Enterprise
Claude Code security flaw found days after source code leak
AI & Enterprise
Anthropic IPO plans shaken by massive source code leak
AI & Enterprise
North Korean hackers hit Axios NPM package in supply-chain attack, millions distributed in 3 hours
AI & Enterprise
Anthropic accidentally leaks Claude Code source code, revealing core technology
AI & Enterprise
AI models hallucinate 28 percent of software dependency upgrade recommendations, study finds
AI & Enterprise
Testing OpenClaw AI agent shows limits for average users