All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Packagist is now protected by Aikido Intel and other updates to the PHP registry

Aikido's malware feed now blocks bad package versions in Composer by default. A look at how Packagist is closing whole classes of supply chain attacks. Category: Product & Company Updates

Read the full article
15d ago

You might also wanna read

Composer and Packagist Introduce New Supply Chain Security Measures After PHP Ecosystem Attacks

The last months, and even more so the last weeks, saw an increasing amount of software supply chain attacks targeting open-source ecosystems

blog.packagist.com·1mo ago

Composer and Packagist Introduce New Supply Chain Security Measures After PHP Ecosystem Attacks

The last months, and even more so the last weeks, saw an increasing amount of software supply chain attacks targeting open-source ecosystems

blog.packagist.com·1mo ago

North Korean Chollima Group Targets PHP Developers via Malicious Packagist Package

Security researchers discovered obfuscated JavaScript hidden inside a Packagist development version of the legitimate Laravel package

cyberpress.org·1mo ago

North Korean Group Famous Chollima Compromises Packagist Package to Target PHP Developers

A malicious obfuscated JavaScript loader was discovered appended to tailwind.js in the Packagist dev version dev-drewroberts/feature/test-ca

hendryadrian.com·1mo ago

North Korean Chollima Group Targets PHP Developers via Malicious Packagist Package

The North Korean malware loader hides in a Packagist-listed package and its GitHub branch to fetch and execute remote code in a likely Conta

socket.dev·1mo ago

Introducing organizational controls to restrict Composer plugins for supply chain security

This is the next post in our supply chain security series, following the supply chain security update, the Composer 2.10 release, closing Co

blog.packagist.com·29d ago

Preventing malicious packages and supply chain attacks with Snyk

In this post, we’ll take a quick look at how malicious packages are used in software supply chain attacks, and then we’ll look at how Snyk c

Snyk·4y ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.