North Korean Group Famous Chollima Compromises Packagist Package to Target PHP Developers
A malicious obfuscated JavaScript loader was discovered appended to tailwind.js in the Packagist dev version dev-drewroberts/feature/test-case of the roberts/leads package, which appears to be tied…
Read the full articleYou might also wanna read
Composer and Packagist Introduce New Supply Chain Security Measures After PHP Ecosystem Attacks
The last months, and even more so the last weeks, saw an increasing amount of software supply chain attacks targeting open-source ecosystems
blog.packagist.com·1mo agoComposer and Packagist Introduce New Supply Chain Security Measures After PHP Ecosystem Attacks
The last months, and even more so the last weeks, saw an increasing amount of software supply chain attacks targeting open-source ecosystems
blog.packagist.com·1mo agoNorth Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign
The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser
North Korea’s npm Supply Chain Attack Hit Rollup Developer Tools
Researchers at JFrog traced a fresh npm supply chain attack to North Korea's Lazarus group, six lookalike packages built to steal developer
Hackers backdoor Jscrambler npm package with infostealer malware
The Jscrambler client-side web security company disclosed that a threat actor published a malicious version of its npm package that has been
North Korean Hackers Target Open Source Developers in Supply Chain Attacks
The PolinRider campaign has compromised more than 100 legitimate open source packages and repositories to deliver a backdoor and information

Packagist is now protected by Aikido Intel and other updates to the PHP registry
Aikido's malware feed now blocks bad package versions in Composer by default. A look at how Packagist is closing whole classes of supply cha

Comments
Sign in to join the conversation.
No comments yet. Be the first.