packages Archives - Developer Tech News https://www.developer-tech.com/news/tag/packages/ Gaming, Apps, HTML5, Java, PHP, C#, .net, IOT Thu, 16 Nov 2023 13:00:07 +0000 en-GB hourly 1 https://www.developer-tech.com/wp-content/uploads/sites/3/2020/09/dev-icon-60x60.png packages Archives - Developer Tech News https://www.developer-tech.com/news/tag/packages/ 32 32 Checkmarx uncovers persistent Python package threat https://www.developer-tech.com/news/2023/nov/16/checkmarx-uncovers-persistent-python-package-threat/ https://www.developer-tech.com/news/2023/nov/16/checkmarx-uncovers-persistent-python-package-threat/#respond Thu, 16 Nov 2023 13:00:03 +0000 https://www.developer-tech.com/?p=45359 Checkmarx has uncovered a threat actor that has been quietly infiltrating the open-source ecosystem for nearly six months, planting malicious Python packages with a focus on deception and financial gain. The malicious actor employed a systematic approach, disguising their packages with names closely resembling popular legitimate Python packages. These decoy packages, camouflaged to blend in,... Read more »

The post Checkmarx uncovers persistent Python package threat appeared first on Developer Tech News.

]]>
https://www.developer-tech.com/news/2023/nov/16/checkmarx-uncovers-persistent-python-package-threat/feed/ 0
Sonatype uncovers further malicious PyPI and npm packages https://www.developer-tech.com/news/2023/jun/23/sonatype-uncovers-further-malicious-pypi-npm-packages/ https://www.developer-tech.com/news/2023/jun/23/sonatype-uncovers-further-malicious-pypi-npm-packages/#respond Fri, 23 Jun 2023 15:47:27 +0000 https://www.developer-tech.com/?p=44763 Sonatype continues to uncover a significant number of malicious packages within the PyPI and npm software registries. Among the flagged packages were several Python packages published on PyPI, masquerading as legitimate libraries named after the popular npm “colors” library. The malicious packages, including names such as “broke-rcl,” “brokescolors,” and “trexcolors,” exclusively targeted the Windows operating... Read more »

The post Sonatype uncovers further malicious PyPI and npm packages appeared first on Developer Tech News.

]]>
https://www.developer-tech.com/news/2023/jun/23/sonatype-uncovers-further-malicious-pypi-npm-packages/feed/ 0
Large-scale supply chain attack used 218 malicious NPM packages https://www.developer-tech.com/news/2022/mar/24/large-scale-supply-chain-attack-used-218-malicious-npm-packages/ https://www.developer-tech.com/news/2022/mar/24/large-scale-supply-chain-attack-used-218-malicious-npm-packages/#respond Thu, 24 Mar 2022 14:32:40 +0000 https://developer-tech.com/?p=42774 A large-scale supply chain attack has been uncovered that used 218 malicious NPM packages. Researchers from JFrog claim that several of their automated analysers started throwing up alerts regarding a set of packages in the npm registry earlier this week. Over a few days, the number of packages swelled from around 50 packages to more... Read more »

The post Large-scale supply chain attack used 218 malicious NPM packages appeared first on Developer Tech News.

]]>
https://www.developer-tech.com/news/2022/mar/24/large-scale-supply-chain-attack-used-218-malicious-npm-packages/feed/ 0