Snyk finds 200+ malicious npm packages, including Cobalt Strike dependency confusion attacks
Source
SnykSnyk finds 200+ malicious npm packages, including Cobalt Strike dependency confusion attackssnyk.ioYou might also wanna read
176 malicious npm packages used dependency confusion to target internal dependencies and steal credentials
Sonatype researchers uncovered a campaign involving 176 malicious npm packages using a dependency confusion attack strategy. Attackers publi
Supply Chain Attack Compromises @ctrl/tinycolor npm Package, Affects 40+ Packages
A malicious update to the popular npm package @ctrl/tinycolor (2.2M weekly downloads) was detected as part of a broader supply chain attack
Major NPM Supply Chain Attack: @ctrl/tinycolor and 40+ Packages Compromised with Self-Propagating Malware
A sophisticated supply chain attack has compromised the popular @ctrl/tinycolor NPM package (with over 2 million weekly downloads) along wit
NPM Vulnerability Allows 126 Malicious Packages to Be Downloaded 86,000+ Times
Security researchers have discovered a major vulnerability in NPM (Node Package Manager) that allows attackers to distribute malicious packa
arstechnica.com·8mo agoPopular npm packages debug and chalk compromised with crypto-intercepting malware
Starting September 8th, 2023, the popular npm packages "debug" and "chalk" were compromised with malicious code. These packages, which colle
aikido.dev·10mo agoMicrosoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
A threat actor using the alias vpmdhaj published 14 malicious npm packages within four hours, impersonating legitimate OpenSearch, Elasticse
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
A threat actor using the alias vpmdhaj published 14 malicious npm packages within four hours, impersonating legitimate OpenSearch, Elasticse

Comments
Sign in to join the conversation.
No comments yet. Be the first.