LofyLife: malicious packages in the npm repository | Kaspersky official blog

Open-source code is a blessing for the IT industry. It saves programmers time, and it lets them build IT solutions faster and make them more efficient by eliminating the repetitive writing of common code. Repositories were created to make this sharing of knowledge easier; […]

Large-scale cryptomining campaign is targeting the NPM JavaScript package repository

Researchers uncovered a large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. Checkmarx researchers spotted a new large-scale cryptocurrency mining campaign, tracked as CuteBoi, that is targeting the NPM JavaScript package repository. Threat actors behind the campaign published 1,283 malicious modules in the repository and used over 1,000 different user accounts. The researchers uncovered […]

Tens of malicious NPM packages caught hijacking Discord servers

Researchers from cybersecurity firm JFrog found 17 malicious packages on the NPM package repository hijacking Discord servers. JFrog researchers have discovered 17 malicious packages in the NPM (Node.js package manager) repository that were developed to hijack Discord servers. The libraries allow stealing Discord access tokens and environment variables from the systems running them, giving the attackers full access to […]

GitHub addressed two major vulnerabilities in the NPM package manager

Maintainers of the npm package manager for the JavaScript programming language disclosed multiple flaws that were recently addressed. GitHub disclosed two major vulnerabilities in npm that have already been addressed. The first vulnerability can be exploited by an attacker to publish new versions of any npm package using an account without proper authorization. The flaw was reported by […]
