The Hacker News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
GitHub

StrivingRabbit/git-webhook-handler

Git 服务器的仓库都提供了 Webhooks 功能。每当代码仓库中有事件发生时,比如 push 代码,提 issue,提交 pull request ...