Packagist is now protected by Aikido Intel and other updates to the PHP registry
Aikido's malware feed now blocks bad package versions in Composer by default. A look at how Packagist is closing whole classes of supply chain attacks. Category: Product & Company Updates
Read the full articleYou might also wanna read
Composer and Packagist Introduce New Supply Chain Security Measures After PHP Ecosystem Attacks
The last months, and even more so the last weeks, saw an increasing amount of software supply chain attacks targeting open-source ecosystems
blog.packagist.com·1mo agoComposer and Packagist Introduce New Supply Chain Security Measures After PHP Ecosystem Attacks
The last months, and even more so the last weeks, saw an increasing amount of software supply chain attacks targeting open-source ecosystems
blog.packagist.com·1mo agoNorth Korean Chollima Group Targets PHP Developers via Malicious Packagist Package
Security researchers discovered obfuscated JavaScript hidden inside a Packagist development version of the legitimate Laravel package
cyberpress.org·1mo agoNorth Korean Group Famous Chollima Compromises Packagist Package to Target PHP Developers
A malicious obfuscated JavaScript loader was discovered appended to tailwind.js in the Packagist dev version dev-drewroberts/feature/test-ca
hendryadrian.com·1mo agoNorth Korean Chollima Group Targets PHP Developers via Malicious Packagist Package
The North Korean malware loader hides in a Packagist-listed package and its GitHub branch to fetch and execute remote code in a likely Conta
Introducing organizational controls to restrict Composer plugins for supply chain security
This is the next post in our supply chain security series, following the supply chain security update, the Composer 2.10 release, closing Co
blog.packagist.com·29d agoPreventing malicious packages and supply chain attacks with Snyk
In this post, we’ll take a quick look at how malicious packages are used in software supply chain attacks, and then we’ll look at how Snyk c

Comments
Sign in to join the conversation.
No comments yet. Be the first.