Supply Chain Attack on Rspack npm Packages Injects Cryptojac...
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Info Stealing Packages Hidden in PyPI
An info-stealing PyPI malware author was identified discreetly uploading malicious packages.
Trojanized Free Download Manager found to contain a Linux backdoor
Kaspersky researchers analyzed a Linux backdoor disguised as Free Download Manager software that remained under the radar for at least three years.
PyPI Attackers Still At It: Malicious Packages Drop Trojans and Info-stealers
Sonatype's malicious open source and malware detection systems found hundreds of malicious PyPI packages.