Download pumping: New npm deception technique for supply chain attacks
Source: Tenable
Published:
Learn how attackers exploit automated bot traffic as part of software supply chain attacks to artificially inflate download counters and mask malicious payloads as legitimate.

Following recent software supply chain attacks in which Tenable has seen attackers steal access tokens and secrets