packages
-
Malicious NPM Packages Target German Companies in Supply Chain Attack
Cybersecurity researchers have discovered a number of malicious packages in the NPM registry specifically targeting a number of prominent companies…
-
NPM Bug Allowed Attackers to Distribute Malware as Legitimate Packages
A “logical flaw” has been disclosed in NPM, the default package manager for the Node.js JavaScript runtime environment, that enables…
-
GitHub Says Hackers Breached Dozens of Organizations Using Stolen OAuth Access Tokens
Cloud-based repository hosting service GitHub on Friday revealed that it discovered evidence of an unnamed adversary capitalizing on stolen OAuth…
-
15-Year-Old Bug in PEAR PHP Repository Could’ve Enabled Supply Chain Attacks
A 15-year-old security vulnerability has been disclosed in the PEAR PHP repository that could permit an attacker to carry out…
-
‘Purple Fox’ Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks
The operators of the Purple Fox malware have retooled their malware arsenal with a new variant of a remote access…
-
Over 200 Malicious NPM Packages Caught Targeting Azure Developers
A new large-scale supply chain attack has been observed targeting Azure developers with no fewer than 218 malicious NPM…
-
New Backdoor Targets French Entities via Open-Source Package Installer
Researchers have exposed a new targeted email campaign aimed at French entities in the construction, real estate, and government sectors…
-
Multiple Security Flaws Discovered in Popular Software Package Managers
Multiple security vulnerabilities have been disclosed in popular package managers that, if exploited, could be abused to run arbitrary…
-
25 Malicious JavaScript Libraries Distributed via Official NPM Package Repository
Another batch of 25 malicious JavaScript libraries has made its way to the official NPM package registry with the goal…
-
How Can You Leave Log4J in 2021?
With the last month of 2021 dominated by the log4J vulnerabilities discovery, publication, and patches popping up in rapid succession,…