Malicious npm Packages using Burp Collaborator for Dependency Confusion Attack
Multiple npm packages impersonating popular package names were published to the npm registry including by a Snyk researcher apparently targeting internal packages at Cursor AI.
Read the full articleYou might also wanna read

Snyk finds 200+ malicious npm packages, including Cobalt Strike dependency confusion attacks
Snyk recently discovered overt 200 malicious packages in the npm registry. While we acknowledge that vulnerability fatigue is an issue for d
176 malicious npm packages used dependency confusion to target internal dependencies and steal credentials
A 176-package npm malware campaign used dependency confusion and install-time scripts to steal credentials and compromise developer and CI/C

Snyk uncovers malicious code activities in open source supply chain security on the npm registry
In a recent npm security research activity, Snyk uncovered a total of 8 npm packages that matched a specific malicious code vector of attack

Exploring extensions of dependency confusion attacks via npm package aliasing
Learn about a new extension to dependency confusion which has its premise on npm’s package aliasing capabilities.
Attacker publishes 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
A single npm user published 14 malicious packages impersonating OpenSearch/Elasticsearch libraries to steal AWS, Vault, and CI/CD secrets.
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
And then Microsoft busted them all
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
And then Microsoft busted them all

Comments
Sign in to join the conversation.
No comments yet. Be the first.