npm
-
Over 800 npm Packages Found with Discrepancies, 18 Exploitable to ‘Manifest Confusion’
New research has discovered over 800 packages in the npm registry which have discrepancies from their registry entries, out of…
Read More » -
North Korean Hackers Targeting Developers with Malicious npm Packages
A set of fake npm packages discovered on the Node.js repository has been found to share ties with North Korean…
Read More » -
Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub
Two malicious packages discovered on the npm package registry have been found to leverage GitHub to store Base64-encrypted SSH keys…
Read More » -
Npm Trojan Bypasses UAC, Installs AnyDesk with “Oscompatible” Package
A malicious package uploaded to the npm registry has been found deploying a sophisticated remote access trojan on compromised Windows…
Read More » -
Three Ways To Supercharge Your Software Supply Chain Security
Section four of the “Executive Order on Improving the Nation’s Cybersecurity” introduced a lot of people in tech to the…
Read More » -
15,000 Go Module Repositories on GitHub Vulnerable to Repojacking Attack
New research has found that over 15,000 Go module repositories on GitHub are vulnerable to an attack called repojacking. “More…
Read More » -
48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems
A new set of 48 malicious npm packages have been discovered in the npm repository with capabilities to deploy a…
Read More » -
Rogue npm Package Deploys Open-Source Rootkit in New Supply Chain Attack
A new deceptive package hidden within the npm package registry has been uncovered deploying an open-source rootkit called r77, marking…
Read More »