Recherche : [NPM] - Cyberveille

Hijacking S3 Buckets: New Attack Technique https://checkmarx.com/blog/hijacking-s3-buckets-new-attack-technique-exploited-in-the-wild-by-supply-chain-attackers/

18/06/2023 12:34:45

Without altering a single line of code, attackers poisoned the NPM package “bignum” by hijacking the S3 bucket serving binaries necessary for its function and replacing them with malicious ones

Who Broke NPM?: Malicious Packages Flood Leading to Denial of Service https://medium.com/checkmarx-security/who-broke-npm-malicious-packages-flood-leading-to-denial-of-service-77ac707ddbf1

05/04/2023 08:42:35

We’ve seen spam campaigns in the open-source ecosystems in the past year, but this month was by far the worst one we’ve seen yet. Apparently, attackers found the unvetted open-source ecosystems as an…

Phylum Detects Ongoing Typosquat/Ransomware Campaign in PyPI and NPM https://blog.phylum.io/phylum-detects-active-typosquatting-campaign-in-pypi

12/12/2022 15:55:58

Malicious packages that download ransomware binaries written in Golang published today, with more expected in the coming hours.

Threat Alert: Private npm Packages Disclosed via Timing Attacks https://blog.aquasec.com/private-packages-disclosed-via-timing-attack-on-npm

14/10/2022 09:42:51

Via timing attacks, threat actors create phony public npm packages masked as private ones to deceive developers into downloading compromised packages

Software Supply Chain Attackers; Organized, Persistent, and Operating for over a Year https://medium.com/checkmarx-security/lofygang-aad0c32d801c

10/10/2022 06:26:22

Checkmarx discovered ~200 malicious NPM packages with thousands of installations linked to an attack group called “LofyGang”.

npm Supply Chain Attack Targeting Germany-Based Companies https://jfrog.com/blog/npm-supply-chain-attack-targets-german-based-companies/

11/05/2022 11:32:33

The JFrog Security Research team identified and quickly disclosed new npm malicious packages aimed at compromising leading industrial organizations

Sabotage: Code added to popular NPM package wiped files in Russia and Belarus | Ars Technica https://arstechnica.com/information-technology/2022/03/sabotage-code-added-to-popular-npm-package-wiped-files-in-russia-and-belarus/

20/03/2022 00:02:22

When code with millions of downloads nukes user files, bad things can happen.

19/03/2022 23:54:09

In what's an act of deliberate sabotage, the developer behind the popular "node-ipc" NPM package shipped a new tampered version to condemn Russia's invasion of Ukraine, raising concerns about security in the open-source and the software supply chain.

Liens par page

Filtres