{ads}

NPM Bug Allowed Attackers to Distribute Malware as Legitimate Packages

Written By Tuesday 26 April 2022 Add Comment



April 27, 2022 at 10:27AM

A "logical flaw" has been disclosed in NPM, the default package manager for the Node.js JavaScript runtime environment, that enables malicious actors to pass off rogue libraries as legitimate and trick unsuspecting developers into installing them. The supply chain threat has been dubbed "Package Planting" by researchers from cloud security firm Aqua. Following responsible disclosure on February

from The Hacker News https://ift.tt/BKUMNCF

0 Response to "NPM Bug Allowed Attackers to Distribute Malware as Legitimate Packages"

Post a Comment

Subscribe to: Post Comments (Atom)

Article Top Ads

Central Ads Article 1

Middle Ads Article 2

Article Bottom Ads