FreshRSS

The Hacker News

Beware: GitHub's Fake Popularity Scam Tricking Developers into Downloading Malware

By: Newsroom - April 10th 2024 at 12:38
Threat actors are now taking advantage of GitHub's search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware. The latest assault on the open-source software supply chain involves concealing malicious code within Microsoft Visual Code project files that's designed to download next-stage payloads from a remote URL,
The Hacker News

48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems

By: Newsroom - November 3rd 2023 at 06:03
A new set of 48 malicious npm packages have been discovered in the npm repository with capabilities to deploy a reverse shell on compromised systems. "These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to initiate a reverse shell on package install," software supply chain security firm Phylum said. All the counterfeit packages have been published by
The Hacker News

Malicious NuGet Package Targeting .NET Developers with SeroXen RAT

By: Newsroom - October 12th 2023 at 13:17
A malicious package hosted on the NuGet package manager for the .NET Framework has been found to deliver a remote access trojan called SeroXen RAT. The package, named Pathoschild.Stardew.Mod.Build.Config and published by a user named Disti, is a typosquat of a legitimate package called Pathoschild.Stardew.ModBuildConfig, software supply chain security firm Phylum said in a report today. While
The Hacker News

Developers Beware: Malicious Rust Libraries Caught Transmitting OS Info to Telegram Channel

By: THN - August 28th 2023 at 15:40
In yet another sign that developers continue to be targets of software supply chain attacks, a number of malicious packages have been discovered on the Rust programming language's crate registry. The libraries, uploaded between August 14 and 16, 2023, were published by a user named "amaperf," Phylum said in a report published last week. The names of the packages, now taken down, are as follows:
The Hacker News

North Korean Hackers Suspected in New Wave of Malicious npm Packages

By: THN - August 15th 2023 at 07:08
The npm package registry has emerged as the target of yet another highly targeted attack campaign that aims to entice developers into downloading malevolent modules. Software supply chain security firm Phylum told The Hacker News the activity exhibits similar behaviors to that of a previous attack wave uncovered in June, which has since been linked to North Korean threat actors. As many as nine
❌