All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Malicious npm Packages using Burp Collaborator for Dependency Confusion Attack

Multiple npm packages impersonating popular package names were published to the npm registry including by a Snyk researcher apparently targeting internal packages at Cursor AI.

Read the full article
1y ago

You might also wanna read

Snyk finds 200+ malicious npm packages, including Cobalt Strike dependency confusion attacks

Snyk recently discovered overt 200 malicious packages in the npm registry. While we acknowledge that vulnerability fatigue is an issue for d

Snyk·4y ago

176 malicious npm packages used dependency confusion to target internal dependencies and steal credentials

A 176-package npm malware campaign used dependency confusion and install-time scripts to steal credentials and compromise developer and CI/C

sonatype.com·1mo ago

Snyk uncovers malicious code activities in open source supply chain security on the npm registry

In a recent npm security research activity, Snyk uncovered a total of 8 npm packages that matched a specific malicious code vector of attack

Snyk·5y ago

Exploring extensions of dependency confusion attacks via npm package aliasing

Learn about a new extension to dependency confusion which has its premise on npm’s package aliasing capabilities.

Snyk·4y ago

Attacker publishes 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries

A single npm user published 14 malicious packages impersonating OpenSearch/Elasticsearch libraries to steal AWS, Vault, and CI/CD secrets.

briefly.co·1mo ago

Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries

And then Microsoft busted them all

theregister.com·1mo ago

Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries

And then Microsoft busted them all

theregister.com·1mo ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.