Person

Ashish Kurmi

External researcher who detected the malicious versions.

1 highly relevant item tracked

TraeAI Observations

Recent changes

2026-05-11 · Attackers exploited pull_request_target and GitHub Actions cache poisoning to publish 84 malicious versions in 6 minute...

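Why it matters

When Ashish Kurmi is mentioned repeatedly, this usually signals an influence on product roadmaps, developer workflows, or AI industry assessments. This page merges scattered material into a single, continuously updated observation entry point.

GitHub Actions · npm · Security · Supply Chain · TanStack

Related materials

1 item related to Ashish Kurmi has been collected, sorted by score.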

Postmortem: TanStack npm supply-chain compromise

Hacker News Best · 2746 words (about 11 minutes)
95

TanStack suffered an npm supply-chain compromise on May 11, 2026, where attackers published 84 malicious versions across 42 packages using GitHub Actions cache poisoning and OIDC token extraction without stealing npm tokens directly.

Reason for selection: Attackers exploited pull_request_target and GitHub Actions cache poisoning to publish 84 malicious versions in 6 minutes.

Featured · Article · #Security #Supply Chain #npm #GitHub Actions #TanStack · English
