All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Snyk finds 200+ malicious npm packages, including Cobalt Strike dependency confusion attacks

4y agoen

Source

SnykSnyk finds 200+ malicious npm packages, including Cobalt Strike dependency confusion attackssnyk.io
Snippet from the RSS feed
Snyk recently discovered overt 200 malicious packages in the npm registry. While we acknowledge that vulnerability fatigue is an issue for developers, this article is not about the typical case of typosquatting or random malicious package. This article shares the findings of targeted attacks aimed at businesses and corporations that Snyk was able to detect and share the insights.

You might also wanna read

176 malicious npm packages used dependency confusion to target internal dependencies and steal credentials

Sonatype researchers uncovered a campaign involving 176 malicious npm packages using a dependency confusion attack strategy. Attackers publi

sonatype.com·1mo ago

Supply Chain Attack Compromises @ctrl/tinycolor npm Package, Affects 40+ Packages

A malicious update to the popular npm package @ctrl/tinycolor (2.2M weekly downloads) was detected as part of a broader supply chain attack

socket.dev·9mo ago

Major NPM Supply Chain Attack: @ctrl/tinycolor and 40+ Packages Compromised with Self-Propagating Malware

A sophisticated supply chain attack has compromised the popular @ctrl/tinycolor NPM package (with over 2 million weekly downloads) along wit

stepsecurity.io·9mo ago

NPM Vulnerability Allows 126 Malicious Packages to Be Downloaded 86,000+ Times

Security researchers have discovered a major vulnerability in NPM (Node Package Manager) that allows attackers to distribute malicious packa

arstechnica.com·8mo ago

Popular npm packages debug and chalk compromised with crypto-intercepting malware

Starting September 8th, 2023, the popular npm packages "debug" and "chalk" were compromised with malicious code. These packages, which colle

aikido.dev·10mo ago

Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries

A threat actor using the alias vpmdhaj published 14 malicious npm packages within four hours, impersonating legitimate OpenSearch, Elasticse

theregister.com·1mo ago

Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries

A threat actor using the alias vpmdhaj published 14 malicious npm packages within four hours, impersonating legitimate OpenSearch, Elasticse

theregister.com·1mo ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.