Visibly invisible malicious Node.js packages: When configuration niche meets invisible characters
Source
SnykVisibly invisible malicious Node.js packages: When configuration niche meets invisible characterssnyk.ioYou might also wanna read
Attackers use invisible Unicode characters to hide malicious code in GitHub repositories
Attackers are exploiting invisible Unicode characters (Private Use Areas) to hide malicious code in JavaScript files hosted on GitHub and ot
arstechnica.com·3mo agoGlassworm Threat Actor Returns with Unicode-Based Supply Chain Attacks on GitHub, npm, and VS Code
The Glassworm threat actor has returned with a new wave of supply chain attacks using invisible Unicode characters to compromise software re
aikido.dev·3mo agoConfig File Auto-Execution Creates Supply Chain Security Blindspot Across IDEs and Package Managers
This article exposes a critical supply chain security blindspot where ordinary-looking configuration files in code repositories can automati
Post-mortem Analysis of @ctrl/tinycolor npm Supply Chain Attack via GitHub Actions
A detailed post-mortem analysis of a supply chain attack on the @ctrl/tinycolor npm package. The attack occurred when a malicious GitHub Act
176 malicious npm packages used dependency confusion to target internal dependencies and steal credentials
Sonatype researchers uncovered a campaign involving 176 malicious npm packages using a dependency confusion attack strategy. Attackers publi
NPM Vulnerability Allows 126 Malicious Packages to Be Downloaded 86,000+ Times
Security researchers have discovered a major vulnerability in NPM (Node Package Manager) that allows attackers to distribute malicious packa
arstechnica.com·8mo ago
Comments
Sign in to join the conversation.
No comments yet. Be the first.