Open-source security: It’s too easy to upload ‘devastating’ malicious packages, warns Google
Google has detailed some of the work done to find malicious code packages that have been sneaked into bigger open-source software projects. The Package...
Tagged: Malicious
Here’s a New Tool That Scans Open-Source Repositories for Malicious Packages
The Open Source Security Foundation (OpenSSF) has announced the initial prototype release of a new tool that’s capable of carrying out dynamic analysis of...
New OpenSSF Project Hunts for Malicious Packages in Open Source Repositories
The Open Source Security Foundation (OpenSSF) has announced a new project whose goal is to help identify malicious packages in open source repositories. The...
Five Eyes advisory warns more malicious Russian cyber activity incoming
Image: Shutterstock Eight cybersecurity authorities from the Five Eye nations have come together to release a joint cybersecurity advisory that more malicious cyber activity...
Critical Bugs in Rockwell PLC Could Allow Hackers to Implant Malicious Code
Two new security vulnerabilities have been disclosed in Rockwell Automation’s programmable logic controllers (PLCs) and engineering workstation software that could be exploited by an...
A Large-Scale Supply Chain Attack Distributed Over 800 Malicious NPM Packages
A threat actor dubbed “RED-LILI” has been linked to an ongoing large-scale supply chain attack campaign targeting the NPM package repository by publishing nearly...
Malicious npm packages target Azure developers to steal personal data
A “large scale” attack is targeting Microsoft Azure developers through malicious npm packages. On Wednesday, cybersecurity researchers from JFrog said that hundreds of malicious...
Over 200 Malicious NPM Packages Caught Targeting Azure Developers
A new large scale supply chain attack has been observed targeting Azure developers with no less than 218 malicious NPM packages with the goal...
25 Malicious JavaScript Libraries Distributed via Official NPM Package Repository
Another batch of 25 malicious JavaScript libraries have made their way to the official NPM package registry with the goal of stealing Discord tokens...
Attackers Can Crash Cisco Email Security Appliances by Sending Malicious Emails
Cisco has released security updates to contain three vulnerabilities affecting its products, including one high-severity flaw in its Email Security Appliance (ESA) that could...