Display options

You can modify the default view of progscrape using query parameters.

Feedback? Email [email protected]

progscrape https://rpi4-host.progscrape.com/
Trending tags: ai  rust  github.com  vibecoding  arstechnica.com  apple  i.redd.it  health  linux  windows  microsoft  security  database  video  web  psychology  nature.com  release  techspot.com  psypost.org 

Config Files That Run Code: Supply Chain Security Blindspot

22 days ago safedep.io

a fake bug fix PR hid a credential stealer in astro.config.mjs that used blockchain to receive commands

18 days ago safedep.io

someone actually leaked the Miasma supply chain attack toolkit source code on github

21 days ago safedep.io github

@redhat-cloud-services publish pipeline is compromised today and shipped a signed, trusted, malicious npm package

29 days ago safedep.io

Mass NPM Supply Chain Attack Hits TanStack, Mistral AI, and 170 Packages

49 days ago safedep.io ai javascript

Mini Shai-Hulud Strikes Again: 314 npm Packages Compromised

42 days ago safedep.io

Megalodon: Mass GitHub Repo Backdooring via CI Workflows

39 days ago safedep.io github security

Someone hid a full RAT inside a fake npm package and exfiltrated victim data to HuggingFace

32 days ago safedep.io

Someone compromised SAP's npm packages and used the CI pipeline against itself

2 months ago safedep.io

@fairwords npm packages compromised by a self-propagating credential worm - steals tokens, infects other packages you own, then crosses to PyPI

2 months ago safedep.io

Someone is actively publishing malicious packages targeting the Strapi plugin ecosystem right now

2 months ago safedep.io

Dependency cooldown using the publish age as a signal for package resolution

2 months ago safedep.io signal

axios 1.14.1 and 0.30.4 on npm are compromised - dependency injection via stolen maintainer account

3 months ago safedep.io javascript

TeamPCP strikes again - telnyx 4.87.1 and 4.87.2 on PyPI are malicious

3 months ago safedep.io

Malicious litellm 1.82.8: Credential Theft and Persistent Backdoor

3 months ago safedep.io

Using CEL's now() to enforce dependency cooldown periods - block packages published in the last N hours

3 months ago safedep.io javascript

Agent Skills Threat Model

5 months ago safedep.io

Reverse Engineering Malicious Visual Studio Code Extension DarkGPT

6 months ago safedep.io

React RCE vul technical blog

6 months ago safedep.io javascript react

Shai-Hulud Second Coming: Software Supply Chain Attack Exposing Code and Harvesting Credentials

7 months ago safedep.io

Curious Case of Embedded Executable in a Newly Introduced Go Transitive Dependency

8 months ago safedep.io embedded go

Self-replicating worm like behaviour in latest npm Supply Chain Attack

9 months ago safedep.io

TensorFlow.js Typosquatting Attack: Malicious Package Targeting AI/ML Developers

10 months ago safedep.io

eslint-config-prettier Compromised: How npm Package with 30 Million Downloads Spread Malware

11 months ago safedep.io malware

Malicious npm eslint-config-airbnb-compat Package Hides Detection with Payload Splitting

12 months ago safedep.io

Malicious npm Package Impersonating Popular Express Cookie Parser

14 months ago safedep.io parser