·HIGH7.5·confirmed
microsop npm Cluster: Dependency-Confusion Campaign Targeting Apple Internal CI/CD (2026)
npm publisher microsop pushed 36 versions across 6 Apple-themed packages between May 4–11, 2026, fingerprinting Apple internal CI and exfiltrating npmrc, env vars, and git origin to 12 rotating webhook.site endpoints.
벡터 / Dependency confusion플랫폼 / npm분량 / 7분
