North Korean Chollima Group Targets PHP Developers via Malicious Packagist Package
The North Korean malware loader hides in a Packagist-listed package and its GitHub branch to fetch and execute remote code in a likely Contagious Interview-style lure.
Read the full articleYou might also wanna read
Composer and Packagist Introduce New Supply Chain Security Measures After PHP Ecosystem Attacks
The last months, and even more so the last weeks, saw an increasing amount of software supply chain attacks targeting open-source ecosystems
blog.packagist.com·1mo agoComposer and Packagist Introduce New Supply Chain Security Measures After PHP Ecosystem Attacks
The last months, and even more so the last weeks, saw an increasing amount of software supply chain attacks targeting open-source ecosystems
blog.packagist.com·1mo agoNorth Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign
The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser

Packagist is now protected by Aikido Intel and other updates to the PHP registry
Aikido's malware feed now blocks bad package versions in Composer by default. A look at how Packagist is closing whole classes of supply cha
North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign
The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser
Hacker uses Trojanized Python and PHP Packages to Steal AWS Keys
Two trojanized Python and PHP packages have been uncovered revealing another instance of program source chain assault aimed at the open-sour
North Korea’s npm Supply Chain Attack Hit Rollup Developer Tools
Researchers at JFrog traced a fresh npm supply chain attack to North Korea's Lazarus group, six lookalike packages built to steal developer

Comments
Sign in to join the conversation.
No comments yet. Be the first.