Open-source security: It’s too easy to upload ‘devastating’ malicious packages, warns Google
Google has detailed some of the work done to find malicious code packages that have been sneaked into bigger open-source software projects. The Package...
Tagged: packages
Here’s a New Tool That Scans Open-Source Repositories for Malicious Packages
The Open Source Security Foundation (OpenSSF) has announced the initial prototype release of a new tool that’s capable of carrying out dynamic analysis of...
New OpenSSF Project Hunts for Malicious Packages in Open Source Repositories
The Open Source Security Foundation (OpenSSF) has announced a new project whose goal is to help identify malicious packages in open source repositories. The...
NPM Bug Allowed Attackers to Distribute Malware as Legitimate Packages
A “logical flaw” has been disclosed in NPM, the default package manager for the Node.js JavaScript runtime environment, that enables malicious actors to pass...
A Large-Scale Supply Chain Attack Distributed Over 800 Malicious NPM Packages
A threat actor dubbed “RED-LILI” has been linked to an ongoing large-scale supply chain attack campaign targeting the NPM package repository by publishing nearly...
Malicious npm packages target Azure developers to steal personal data
A “large scale” attack is targeting Microsoft Azure developers through malicious npm packages. On Wednesday, cybersecurity researchers from JFrog said that hundreds of malicious...
Over 200 Malicious NPM Packages Caught Targeting Azure Developers
A new large scale supply chain attack has been observed targeting Azure developers with no less than 218 malicious NPM packages with the goal...
1,300 Malicious Packages Found in Popular npm JavaScript Package Manager
Malicious actors are using the npm registry as the start point for open source software (OSS) supply chain attacks. Open source software offers huge...
Application Security / Cloud Security / Compliance / Cyberwarfare / Data Protection / Disaster Recovery / Email Security / Endpoint Security / Fraud & Identity Theft / Identity & Access / Incident Response / Malware / Network Security / NEWS & INDUSTRY / Risk Management / Security Architecture / Virus & Malware / Vulnerabilities
Google Finds 35,863 Java Packages Using Defective Log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching...
Malicious npm packages are stealing Discord tokens
ZDNet Recommends Best security key 2021 While robust passwords go a long way to securing your valuable online accounts, hardware-based two-factor authentication takes that...