World’s Largest Supply Chain Cyber Attack… And just 5 Cents Stolen?
You probably saw the headlines: the world’s largest npm supply chain attack, chalk and debug-js packages with BILLIONS of downloads...
In 2015, strange 9000.0.x versions of PrismJS appeared on npm downloads, and nobody had a clue where they came from,...
A gray hat hacker has published over 7,000 dependency confusion packages to npm and PyPI repositories and continues to do...
This week, the NodeJS project has released fixes for a DoS vulnerability, CVE-2020-8277, that could be triggered via DNS requests. An...
A new family of Discord malware has been spotted by Sonatype this week. Known as CursedGrabber, multiple strands of this...
Multiple NodeJS packages laden with malicious code have been spotted on the npm registry. These "typosquatting" packages served no purpose other...