packages
-
Hackers Flood NPM with Bogus Packages Causing a DoS Attack
Threat actors are flooding the npm open source package repository with bogus packages that briefly even resulted in a denial-of-service…
-
Researchers Discover Critical Remote Code Execution Flaw in vm2 Sandbox Library
The maintainers of the vm2 JavaScript sandbox module have shipped a patch to address a critical flaw that could be…
-
FBI Cracks Down on Genesis Market: 119 Arrested in Cybercrime Crackdown
A coordinated international law enforcement operation has dismantled Genesis Market, an illegal online marketplace that specialized in the sale of…
-
Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data
A malicious Python package on the Python Package Index (PyPI) repository has been found to use Unicode as a trick…
-
Rogue NuGet Packages Infect .NET Developers with Crypto-Stealing Malware
The NuGet repository is the target of a new “sophisticated and highly-malicious attack” aiming to infect .NET developer systems with…
-
BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads
The malware downloader known as BATLOADER has been observed abusing Google Ads to deliver secondary payloads like…
-
Experts Identify Fully-Featured Info Stealer and Trojan in Python Package on PyPI
A malicious Python package uploaded to the Python Package Index (PyPI) has been found to contain…
-
Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries
Cybersecurity researchers are warning of “imposter packages” mimicking popular libraries available on the Python…
-
Attackers Flood NPM Repository with Over 15,000 Spam Packages Containing Phishing Links
In what’s a continuing assault on the open source ecosystem, over 15,000 spam packages…
-
Researchers Hijack Popular NPM Package with Millions of Downloads
A popular npm package with more than 3.5 million weekly downloads has been found vulnerable…