Cyberveille, curated by Decio
10 results tagged "Package"
Linux Foundation Announces the FAIR Package Manager Project for Open Source Content Management System Stability https://www.linuxfoundation.org/press/linux-foundation-announces-the-fair-package-manager-project-for-open-source-content-management-system-stability
09/06/2025 23:07:48

Today, the Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the launch of the FAIR Package Manager project, a federated and independent repository of trusted plugins and themes for web hosts, commercial plugin and tool developers in the WordPress ecosystem and end users. The FAIR Package Manager project, through its contributors, creates net new interoperability, making the web publishing ecosystem more innovative and accessible for all.

Vendor-neutral package management for content management systems like WordPress provides critical universal infrastructure that addresses the new realities of content, e-commerce and AI. The FAIR Package Manager project helps make plugins and tools more discoverable and lets developers choose where to source those plugins depending on the needs of their supply chain. By giving commercial plugin developers, hosts, and application developers more options to control the tools they rely on, the FAIR Package Manager project promotes innovation and protects business continuity.

“The FAIR Package Manager project paves the way for the stability and growth of open source content management, giving contributors and businesses additional options governed by a neutral community,” said Jim Zemlin, Executive Director of the Linux Foundation. “We look forward to the growth in community and contributions this important project attracts.”

linuxfoundation EN 2025 secure plugins Wordpress FAIR Package Manager Project open-source
You're Invited: Delivering malware via Google Calendar invites and PUAs https://www.aikido.dev/blog/youre-invited-delivering-malware-via-google-calendar-invites-and-puas
18/05/2025 12:18:51

Threat actor used malicious Google Invites and hidden Unicode “Private Use Access” characters (PUAs) to brilliantly obfuscate and hide a malicious NPM package.
On March 19th, 2025, we discovered a package called os-info-checker-es6 and were taken aback. We could tell it was not doing what it said on the tin. But what's the deal? We decided to investigate the matter and initially hit some dead ends. But patience pays off, and we eventually got most of the answers we sought. We also learned about Unicode PUAs (No, not pick-up artists). It was a roller coaster ride of emotions!

aikido.dev 2025 EN Google-Invites Unicode obfuscate NPM package
XRP supply chain attack: Official NPM package infected with crypto stealing backdoor https://www.aikido.dev/blog/xrp-supplychain-attack-official-npm-package-infected-with-crypto-stealing-backdoor
23/04/2025 09:14:52

The official XRPL (Ripple) NPM package was compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets.

aikido.dev EN 2025 XRPL NPM package compromised backdoor cryptocurrency supply-chain-attack
Fake AWS Packages Ship Command and Control Malware In JPEG Files https://blog.phylum.io/fake-aws-packages-ship-command-and-control-malware-in-jpeg-files
18/07/2024 23:25:43

On July 13, 2024, the Phylum platform alerted us to a series of odd packages published to the npm package registry. At first glance, these packages appear entirely legitimate; however, as our system automatically noted, they contained sophisticated command and control functionality hidden in image files that would be executed

phylum EN 2024 AWS fake Supply-chain-attack npm package registry JPEG
CVE-2024-27822: macOS PackageKit Privilege Escalation https://khronokernel.com/macos/2024/06/03/CVE-2024-27822.html
05/06/2024 08:41:53

Another fun exploit! This time with local privilege escalation through Apple’s PackageKit.framework when running ZSH-based PKGs 🎉.

khronokernel CVE-2024-27822 EN 2024 ZSH macos package pkg
Diving Deeper into AI Package Hallucinations https://www.lasso.security/blog/ai-package-hallucinations
28/03/2024 19:07:30

Lasso Security's recent research on AI Package Hallucinations extends the attack technique to GPT-3.5-Turbo, GPT-4, Gemini Pro (Bard), and Coral (Cohere).

lasso EN 2024 AI Package Hallucinations GPT-4 Bard Cohere analysis LLM
Redline Dropped Through MSIX Package https://isc.sans.edu/diary/Redline+Dropped+Through+MSIX+Package/30404/?is=e4f6b16c6de31130985364bb824bcb39ef6b2c4e902e4e553f0ec11bdbefc118
17/11/2023 08:39:15

Redline Dropped Through MSIX Package, Author:

isc.sans.edu SANS 2023 EN Redline MSIX Package analysis
Google Online Security Blog: The Package Analysis Project: Scalable detection of malicious open source packages https://security.googleblog.com/2022/04/the-package-analysis-project-scalable.html
03/05/2022 09:58:30

Despite open source software’s essential role in all software built today, it’s far too easy for bad actors to circulate malicious packages that attack the systems and users running that software. Unlike mobile app stores that can scan for and reject malicious contributions, package repositories have limited resources to review the thousands of daily updates and must maintain an open model where anyone can freely contribute. As a result, malicious packages like ua-parser-js, and node-ipc are regularly uploaded to popular repositories despite their best efforts, with sometimes devastating consequences for users.

google 2022 EN opensource Package Analysis Project malicious packages
Introducing Package Analysis: Scanning open source packages for malicious behavior https://openssf.org/blog/2022/04/28/introducing-package-analysis-scanning-open-source-packages-for-malicious-behavior/
02/05/2022 10:50:10

Today we’re pleased to announce the initial prototype version of the Package Analysis project, an OpenSSF project addressing the challenge of identifying malicious packages in popular open source repositories. In just one month of analysis, the project identified more than 200 malicious packages uploaded to PyPI and npm.

openssf EN 2022 Analysis Scan opensource packages Package behavior
Sabotage: Code added to popular NPM package wiped files in Russia and Belarus | Ars Technica https://arstechnica.com/information-technology/2022/03/sabotage-code-added-to-popular-npm-package-wiped-files-in-russia-and-belarus/
20/03/2022 00:02:22

When code with millions of downloads nukes user files, bad things can happen.

Sabotage arstechnica EN 2022 NPM Russia cyberwar node-ipc package CVE-2022-23812
Shaarli - The personal, minimalist, super-fast, database-free bookmarking service by the Shaarli community - Theme by kalvn - Curated by Decio