Unpacking the AsyncAPI npm supply chain compromise and import-time payload delivery
Threat actors compromised AsyncAPI packages and weaponized trusted CI/CD workflows to distribute malware through npm.
Security
The Microsoft Threat Intelligence community is made up of world-class experts, security researchers, analysts, and threat hunters who analyze 100 trillion signals daily to discover threats and deliver timely and relevant insight to protect customers. See our latest findings, insights, and guidance.