npm Archives - Developer Tech News

Checkmarx uncovers supply chain attacks targeting banking

Ryan Daws — Fri, 21 Jul 2023 12:24:45 +0000

Checkmarx has uncovered a new and sophisticated cyber threat targeting the banking sector. The security testing firm’s research team detected two distinct open-source software supply chain attacks targeting financial institutions. These attacks, which involved advanced techniques and deceptive tactics, have raised alarm bells among cybersecurity experts. Attack one: NPM The first attack occurred on April... Read more »

The post Checkmarx uncovers supply chain attacks targeting banking appeared first on Developer Tech News.

Sonatype uncovers further malicious PyPI and npm packages

Ryan Daws — Fri, 23 Jun 2023 15:47:27 +0000

Sonatype continues to uncover a significant number of malicious packages within the PyPI and npm software registries. Among the flagged packages were several Python packages published on PyPI, masquerading as legitimate libraries named after the popular npm “colors” library. The malicious packages, including names such as “broke-rcl,” “brokescolors,” and “trexcolors,” exclusively targeted the Windows operating... Read more »

The post Sonatype uncovers further malicious PyPI and npm packages appeared first on Developer Tech News.

Malware campaign targets official Python and JavaScript repos

Ryan Daws — Tue, 13 Dec 2022 16:38:38 +0000

An active malware campaign is targeting official Python and JavaScript repositories. Software supply chain security firm Phylum spotted the campaign. Phylum said that it discovered the campaign after noticing a flurry of activity around typosquats of the popular Python requests package. Typosquats take advantage of simple typos to install malicious packages. In this case, the... Read more »

The post Malware campaign targets official Python and JavaScript repos appeared first on Developer Tech News.

GitHub notifies victims of OAuth token theft

Ryan Daws — Tue, 19 Apr 2022 16:06:33 +0000

GitHub is notifying known victims of an ongoing attack using stolen third-party OAuth user tokens. OAuth user tokens maintained by Heroku and Travis CI were stolen and abused by an unauthorised party to download data from dozens of organisations, including npm. Mike Hanley, Chief Security Officer at GitHub, wrote in a blog post: “We have... Read more »

The post GitHub notifies victims of OAuth token theft appeared first on Developer Tech News.

Large-scale supply chain attack used 218 malicious NPM packages

Ryan Daws — Thu, 24 Mar 2022 14:32:40 +0000

A large-scale supply chain attack has been uncovered that used 218 malicious NPM packages. Researchers from JFrog claim that several of their automated analysers started throwing up alerts regarding a set of packages in the npm registry earlier this week. Over a few days, the number of packages swelled from around 50 packages to more... Read more »

The post Large-scale supply chain attack used 218 malicious NPM packages appeared first on Developer Tech News.