#malicious-packages

Information security
from The Hacker News
1 day ago

Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets

Five malicious Rust crates disguised as time utilities steal .env files containing API keys and secrets, exfiltrating data to threat actor infrastructure.
Information security
from The Hacker News
1 week ago

Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens

A malicious NuGet package named StripeApi.Net impersonated Stripe's legitimate library to steal financial sector developers' API tokens and sensitive data.
Information security
from The Hacker News
1 month ago

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two malicious PyPI packages disguised as spellcheckers delivered a Python RAT via a base64 payload hidden in a Basque dictionary file.
#npm
from ZDNET
5 months ago
Information security

5 ways to spot software supply chain attacks and stop worms - before it's too late

Information security
from The Hacker News
7 months ago

North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign

North Korean threat actors are deploying malicious npm packages as part of ongoing software supply chain attacks against the open-source ecosystem.
from IT Pro
8 months ago

Developers face a torrent of malware threats as malicious open source packages surge 188%

"Attackers are no longer simply experimenting with open source. The numbers are telling us that threat actors have identified data as the most profitable target, and developers as the easiest way in."
Privacy technologies