NPM Bug Allowed Attackers to Distribute Malware as Legitimate Packages

Written By Auto Tech Tuesday, 26 April 2022 Add Comment

April 27, 2022 at 10:27AM

A "logical flaw" has been disclosed in NPM, the default package manager for the Node.js JavaScript runtime environment, that enables malicious actors to pass off rogue libraries as legitimate and trick unsuspecting developers into installing them. The supply chain threat has been dubbed "Package Planting" by researchers from cloud security firm Aqua. Following responsible disclosure on February

from The Hacker News https://ift.tt/BKUMNCF

GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories
Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal
Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure

{ads}

NPM Bug Allowed Attackers to Distribute Malware as Legitimate Packages

Related

0 Response to "NPM Bug Allowed Attackers to Distribute Malware as Legitimate Packages"

Post a Comment

Article Top Ads

Central Ads Article 1

Middle Ads Article 2

Article Bottom Ads

{ads}

NPM Bug Allowed Attackers to Distribute Malware as Legitimate Packages

Related

Related Posts

0 Response to "NPM Bug Allowed Attackers to Distribute Malware as Legitimate Packages"

Post a Comment

Article Top Ads

Central Ads Article 1

Middle Ads Article 2

Article Bottom Ads