sl4x0 Dependency Confusion: 92 Packages Target Fortune 500
A sustained dependency confusion campaign by the sl4x0 actor likely targets 20+ organizations including Adobe, Ford, Sony, and Coca-Cola with 92+ malicious npm packages exfiltrating developer data…
Read the full articleYou might also wanna read
176 malicious npm packages used dependency confusion to target internal dependencies and steal credentials
A 176-package npm malware campaign used dependency confusion and install-time scripts to steal credentials and compromise developer and CI/C

These aren’t the npm packages you’re looking for
Earlier in the year, over 500 malicious packages were released into the npm ecosystem to create dependency confusion. Let’s look at some way

Targeted npm dependency confusion attack caught red-handed
Once in a while we encounter a truly malicious package that has a purpose, means, and is production-ready — this is a story about one found

Snyk finds 200+ malicious npm packages, including Cobalt Strike dependency confusion attacks
Snyk recently discovered overt 200 malicious packages in the npm registry. While we acknowledge that vulnerability fatigue is an issue for d
Detect and prevent dependency confusion attacks on npm to maintain supply chain security
Learn about dependency confusion attacks, how they manifest for JavaScript and Node.js developers working in the npm ecosystem, and how to p

Exploring extensions of dependency confusion attacks via npm package aliasing
Learn about a new extension to dependency confusion which has its premise on npm’s package aliasing capabilities.

Comments
Sign in to join the conversation.
No comments yet. Be the first.