Malicious NPM "Sandworm" packages targeting AI toolchains and DevSecOps (phoenix.security) 2 points by nuzzl 4mo ago ↗ HN
[–] nuzzl 4mo ago ↗ With the recent 'Sandworm' attack involving AI-generated NPM packages, we're seeing a new supply chain vector: developers asking LLMs for library recommendations and getting hallucinated (but real and malicious) package names.
1 comment
[ 1.5 ms ] story [ 13.2 ms ] thread