Threat Alert: Private npm Packages Disclosed via Timing Attacks
Via timing attacks, threat actors create phony public npm packages masked as private ones to deceive developers into downloading compromised packages
Software Supply Chain Attackers; Organized, Persistent, and Operating for over a Year
Checkmarx discovered ~200 malicious NPM packages with thousands of installations linked to an attack group called “LofyGang”.
npm Supply Chain Attack Targeting Germany-Based Companies
The JFrog Security Research team identified and quickly disclosed new npm malicious packages aimed at compromising leading industrial organizations
Threat Alert: Private npm Packages Disclosed via Timing Attacks
Via timing attacks, threat actors create phony public npm packages masked as private ones to deceive developers into downloading compromised packages
Software Supply Chain Attackers; Organized, Persistent, and Operating for over a Year
Checkmarx discovered ~200 malicious NPM packages with thousands of installations linked to an attack group called “LofyGang”.
npm Supply Chain Attack Targeting Germany-Based Companies
The JFrog Security Research team identified and quickly disclosed new npm malicious packages aimed at compromising leading industrial organizations
npm Supply Chain Attack Targeting Germany-Based Companies
The JFrog Security Research team identified and quickly disclosed new npm malicious packages aimed at compromising leading industrial organizations