Tag Archives: code repositories

NPM flooded with malicious packages downloaded more than 86,000 times

Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection. The finding, laid out Wednesday by security firm Koi, brings attention to an NPM practice that allows installed packages to automatically pull down and run unvetted packages from… Read More: NPM flooded with malicious packages downloaded more than 86,000 times »

Destructive malware available in NPM repo went unnoticed for 2 years

Some of the payloads were limited to detonate only on specific dates in 2023, but in some cases a phase that was scheduled to begin in July of that year was given no termination date. Pandya said that means the threat remains persistent, although in an email he also wrote: “Since all activation dates have… Read More: Destructive malware available in NPM repo went unnoticed for 2… »

Developers can’t seem to stop exposing credentials in publicly accessible code

Victor De Schwanberg/Science Photo Library via Getty Images reader comments 43 with Despite more than a decade of reminding, prodding, and downright nagging, a surprising number of developers still can’t bring themselves to keep their code free of credentials that provide the keys to their kingdoms to anyone who takes the time to look for… Read More: Developers can’t seem to stop exposing credentials in publicly accessible… »

Latest attack on PyPI users shows crooks are only getting better

reader comments 26 with Share this story More than 400 malicious packages were recently uploaded to PyPI (Python Package Index), the official code repository for the Python programming language, in the latest indication that the targeting of software developers using this form of attack isn’t a passing fad. All 451 packages found recently by security… Read More: Latest attack on PyPI users shows crooks are only getting… »