Found 2 bookmarks
Custom sorting
The evolutionary tale of a persistent Python threat 
The evolutionary tale of a persistent Python threat 
Since early April 2023, an attacker has been relentlessly deploying hundreds of malicious packages through various usernames, accumulating nearly 75,000 downloads. Our team at Checkmarx’s Supply Chain Security has been on this malicious actor’s trail since early April, documenting each step of its evolution. We have been actively observing an attacker who seems to be evermore refining their craft. 
#checkmarx#EN#2023#Supply-chain-attack#malicious#packages#Python
·checkmarx.com·
The evolutionary tale of a persistent Python threat 
An Ongoing Open Source Attack Reveals Roots Dating Back To 2021
An Ongoing Open Source Attack Reveals Roots Dating Back To 2021
Developers in the cryptocurrency sphere are being targeted once again, as yet another threat actor has been exposed. This user has been publishing malicious NPM packages with the purpose of exfiltrating sensitive data such as source code and configuration files from the victim’s machines. The threat actor behind this campaign has been linked to malicious activity dating back to 2021. Since then, they have continuously published malicious code.
#checkmarx#EN#2023#malicious#NPM#Supply-chain-security
·checkmarx.com·
An Ongoing Open Source Attack Reveals Roots Dating Back To 2021