All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Visibly invisible malicious Node.js packages: When configuration niche meets invisible characters

4y agoen

Source

SnykVisibly invisible malicious Node.js packages: When configuration niche meets invisible characterssnyk.io
Snippet from the RSS feed
A focus on attacks in the Node.js ecosystem via the yarn and npm package managers, examining how configuration abuse and hidden characters can lead to RCE.

You might also wanna read

Attackers use invisible Unicode characters to hide malicious code in GitHub repositories

Attackers are exploiting invisible Unicode characters (Private Use Areas) to hide malicious code in JavaScript files hosted on GitHub and ot

arstechnica.com·3mo ago

Glassworm Threat Actor Returns with Unicode-Based Supply Chain Attacks on GitHub, npm, and VS Code

The Glassworm threat actor has returned with a new wave of supply chain attacks using invisible Unicode characters to compromise software re

aikido.dev·3mo ago

Config File Auto-Execution Creates Supply Chain Security Blindspot Across IDEs and Package Managers

This article exposes a critical supply chain security blindspot where ordinary-looking configuration files in code repositories can automati

safedep.io·1mo ago

Post-mortem Analysis of @ctrl/tinycolor npm Supply Chain Attack via GitHub Actions

A detailed post-mortem analysis of a supply chain attack on the @ctrl/tinycolor npm package. The attack occurred when a malicious GitHub Act

sigh.dev·9mo ago

176 malicious npm packages used dependency confusion to target internal dependencies and steal credentials

Sonatype researchers uncovered a campaign involving 176 malicious npm packages using a dependency confusion attack strategy. Attackers publi

sonatype.com·1mo ago

NPM Vulnerability Allows 126 Malicious Packages to Be Downloaded 86,000+ Times

Security researchers have discovered a major vulnerability in NPM (Node Package Manager) that allows attackers to distribute malicious packa

arstechnica.com·8mo ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.