Search cyberveille.decio.ch

Found 8 bookmarks

Custom sorting

Dozens of npm Packages Caught Attempting to Deploy Reverse Shell

On October 27, Phylum’s automated risk detection platform began alerting us to a series of suspicious publications on npm. Over the course of the following few days, we discovered a campaign involving at least 48 different publications. These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to

#phylum #EN #2023 #npm #Reverse #Shell #Supply-chain-attack

·blog.phylum.io·Nov 10, 2023

Dozens of npm Packages Caught Attempting to Deploy Reverse Shell

Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs - SecurityWeek

Malicious packages uploaded to PyPI, NPM, and Ruby repositories are targeting macOS users with information stealing malware.

#securityweek #EN #2023 #macos #phylum #PyPI #NPM #Ruby #Supply-Chain-Attack

·securityweek.com·Sep 6, 2023

Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs - SecurityWeek

Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers

Phylum has identified a malware campaign spanning PyPI, npm and RubyGems. Delivering early stage malware to users.

#phylum #EN #2023 #Supply-Chain-Attack #npm #PyPI #RubyGems #macOS

·blog.phylum.io·Sep 6, 2023

Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers

An Ongoing Open Source Attack Reveals Roots Dating Back To 2021

Developers in the cryptocurrency sphere are being targeted once again, as yet another threat actor has been exposed. This user has been publishing malicious NPM packages with the purpose of exfiltrating sensitive data such as source code and configuration files from the victim’s machines. The threat actor behind this campaign has been linked to malicious activity dating back to 2021. Since then, they have continuously published malicious code.

#checkmarx #EN #2023 #malicious #NPM #Supply-chain-security

·checkmarx.com·Sep 1, 2023

An Ongoing Open Source Attack Reveals Roots Dating Back To 2021

Fake Roblox packages target npm with Luna Grabber information-stealing malware

ReversingLabs researchers have identified more than a dozen malicious packages targeting Roblox API users on the npm repository. This latest campaign recalls a 2021 attack.

#reversinglabs #EN #2023 #Roblox #API #npm #LunaGrabber

·reversinglabs.com·Aug 24, 2023

Fake Roblox packages target npm with Luna Grabber information-stealing malware

Hijacking S3 Buckets: New Attack Technique

Without altering a single line of code, attackers poisoned the NPM package “bignum” by hijacking the S3 bucket serving binaries necessary for its function and replacing them with malicious ones

#checkmarx #EN #2023 #Hijacking #S3 #Buckets #NPM #Supply-Chain-Attack

·checkmarx.com·Jun 18, 2023

Hijacking S3 Buckets: New Attack Technique

Who Broke NPM?: Malicious Packages Flood Leading to Denial of Service

We’ve seen spam campaigns in the open-source ecosystems in the past year, but this month was by far the worst one we’ve seen yet. Apparently, attackers found the unvetted open-source ecosystems as an…

#checkmarx-security #EN #2023 #NPM #spam #campaign #flood #DoS #scam #medium

·medium.com·Apr 5, 2023

Who Broke NPM?: Malicious Packages Flood Leading to Denial of Service

#checkmarx-security #EN #2023 #NPM #spam #campaign #flood #DoS #scam #medium

·medium.com·Apr 5, 2023

Who Broke NPM?: Malicious Packages Flood Leading to Denial of Service