Hackers abuse NPM code registries via Ethereum network
NPM registries are under attack from malicious packages leveraging typosquatting, targeting developers' systems. 287 malicious packages discovered affect prominent libraries. Hackers utilize Ethereum smart contracts to obscure their true origins.

Malicious packages in open-source repositories are surging
Malicious packages in open-source software have increased by over 150% in the past year.

Images weaponised in latest supply chain attack
Malicious packages discovered in npm registry containing hidden command and control functionality embedded in image files.

Veracode strengthens software security with acquisition of Phylum technology
Veracode enhances application security by acquiring Phylum's technology for real-time analysis of malicious packages, addressing rising supply chain attack costs.

Snyk deployed 'malicious' packages, claims infoseccer
Snyk faces allegations of malicious packages targeting Cursor. Malicious packages on NPM can compromise sensitive information. Concerns arise from metadata linking these packages to Snyk.

Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses
Attackers upload malicious npm packages to target crypto wallet software, enabling them to manipulate transactions covertly.

AI is making the software supply chain more perilous than ever
The JFrog report highlights security risks in the software supply chain, detailing threats from vulnerabilities, malicious packages, exposed secrets, and human error.

Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers
A new supply chain attack technique called Revival Hijack targets the PyPI registry, allowing attackers to exploit existing packages for malicious intent.