npm

Breaking Technology

TanStack Supply Chain Attack Exploited GitHub Actions to Publish 84 Malicious npm Packages in Six Minutes

Coordinated breach weaponised OIDC tokens and CI/CD automation to compromise 42 packages with credential-harvesting payloads, exposing structural flaws in trusted publishing.

7 min read
Breaking AI Technology

TeamPCP Compromises 170+ npm Packages in Coordinated AI Infrastructure Attack

Supply chain assault targets Mistral AI, TanStack, UiPath, and OpenSearch in first npm worm producing valid security provenance

8 min read
Breaking Technology

Axios npm Attack Exposes Critical Flaw in Open-Source Security Model

Compromised maintainer credentials bypassed GitHub protections to inject remote-access trojan into package with 100 million weekly downloads, revealing systemic npm governance failure.

8 min read
Breaking Technology

Axios HTTP Library Compromised in Sophisticated npm Supply Chain Attack

Malicious versions of JavaScript's most-used HTTP client deployed cross-platform RAT to 83 million weekly downloads via hijacked maintainer account.

8 min read