Software Supply Chain


Thousands of fake packages have inundated the npm registry, signaling a major cyber attack. The campaign appears to be preparing for a larger malicious operation, according to security reports. This incident highlights ongoing vulnerabilities in open-source software ecosystems.

Reported by AI

Security firm Socket has uncovered ten malicious packages in the npm repository that target developers on Windows, macOS, and Linux systems. These packages, available since July, use typosquatting and sophisticated obfuscation to install infostealer malware. The malware steals credentials from browsers, SSH keys, and configuration files before exfiltrating data to attackers.

Monday, 20 October 2025, 00:09

Backdoor in XZ Utils exposes Linux security risks

Saturday, 13 September 2025, 00:39

Red Hat Introduces Rekor Monitor for Artifact Signer
