Supply chain attackers increasingly target developer workstation credentials

The Hacker News

Recent campaigns targeting npm, PyPI, and Docker Hub have shifted focus toward harvesting API keys, SSH tokens, and cloud credentials from developer environments. These attacks exploit local tools and AI assistants to gain unauthorized access before code even reaches version control systems.

Cybersecurity

The Hacker News

29 days ago