All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

North Korean Group Famous Chollima Compromises Packagist Package to Target PHP Developers

A malicious obfuscated JavaScript loader was discovered appended to tailwind.js in the Packagist dev version dev-drewroberts/feature/test-case of the roberts/leads package, which appears to be tied…

Read the full article
SocketDev1mo ago4 min readenNews

You might also wanna read

Composer and Packagist Introduce New Supply Chain Security Measures After PHP Ecosystem Attacks

The last months, and even more so the last weeks, saw an increasing amount of software supply chain attacks targeting open-source ecosystems

blog.packagist.com·1mo ago

Composer and Packagist Introduce New Supply Chain Security Measures After PHP Ecosystem Attacks

The last months, and even more so the last weeks, saw an increasing amount of software supply chain attacks targeting open-source ecosystems

blog.packagist.com·1mo ago

North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign

The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser

thehackernews.com·13d ago

North Korea’s npm Supply Chain Attack Hit Rollup Developer Tools

Researchers at JFrog traced a fresh npm supply chain attack to North Korea's Lazarus group, six lookalike packages built to steal developer

Aardwolf Security·13d ago

Hackers backdoor Jscrambler npm package with infostealer malware

The Jscrambler client-side web security company disclosed that a threat actor published a malicious version of its npm package that has been

BleepingComputer·3d ago

North Korean Hackers Target Open Source Developers in Supply Chain Attacks

The PolinRider campaign has compromised more than 100 legitimate open source packages and repositories to deliver a backdoor and information

BackBox.org·10d ago

Packagist is now protected by Aikido Intel and other updates to the PHP registry

Aikido's malware feed now blocks bad package versions in Composer by default. A look at how Packagist is closing whole classes of supply cha

aikido.dev·21d ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.