packages
-
Over 800 npm Packages Found with Discrepancies, 18 Exploitable to ‘Manifest Confusion’
New research has discovered over 800 packages in the npm registry which have discrepancies from their registry entries, out of…
-
Watch Out: These PyPI Python Packages Can Drain Your Crypto Wallets
Threat hunters have discovered a set of seven packages on the Python Package Index (PyPI) repository that are designed to…
-
Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems
The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the…
-
North Korean Hackers Targeting Developers with Malicious npm Packages
A set of fake npm packages discovered on the Node.js repository has been found to share ties with North Korean…
-
New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics
Cybersecurity researchers have discovered two malicious packages on the Python Package Index (PyPI) repository that were found leveraging a technique…
-
Ubuntu ‘command-not-found’ Tool Could Trick Users into Installing Rogue Packages
Cybersecurity researchers have found that it’s possible for threat actors to exploit a well-known utility called command-not-found to recommend their…
-
CISA and OpenSSF Release Framework for Package Repository Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it’s partnering with the Open Source Security Foundation (OpenSSF) Securing…
-
DirtyMoe Malware Infects 2,000+ Ukrainian Computers for DDoS and Cryptojacking
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned that more than 2,000 computers in the country have been…
-
Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub
Two malicious packages discovered on the npm package registry have been found to leverage GitHub to store Base64-encrypted SSH keys…