MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
supply
Recherche

Supply chain attack compromises NPM packages to spread backdoor malware

vendredi 25 juillet 2025, 03:32 , par InfoWorld
In a newly discovered supply chain attack, attackers last week targeted a range of NPM-hosted JavaScript type testing utilities, several of which were successfully compromised to distribute malware.

Anyone automatically downloading these packages would have been exposed to a backdoor supply chain attack until cleaned versions were installed.

In one example on July 19, attackers loaded the popular is NPM JavaScript type testing utility with malware that went unnoticed for six hours. The bad news was delivered by maintainer Jordan Harband in a post on Bluesky:
Lire la suite sur InfoWorld
https://www.csoonline.com/article/4028412/supply-chain-attack-compromises-npm-packages-to-spread-bac...

Voir aussi

supply Freelance dev shop Toptal caught serving malware after GitHub account break-in TheRegister25 Jul
malware Déguisé en VPN, ce malware espion iranien cherche à pirater votre smartphone Android 01net25 Jul
attack Euro healthcare giant AMEOS Group shuts down IT systems after mystery attack TheRegister24 Jul
chain Coyote malware abuses Microsoft's UI Automation to hunt banking creds TheRegister24 Jul
packages Not pretty, not Windows-only: npm phishing attack laces popular packages with malware TheRegister24 Jul
backdoor Vol de données : le malware Lumma fait un retour en force, deux mois après son démantèlement 01net23 Jul
npm France Travail piraté : les données de 340 000 demandeurs d’emploi ont été compromises 01net23 Jul
testing Arch Linux users told to purge Firefox forks after AUR malware scare TheRegister22 Jul
type Malicious packages uploaded to the Arch Linux AUR LWN.net22 Jul
javascript Hackers Exploit a Blind Spot By Hiding Malware Inside DNS Records Slashdot21 Jul
attackers UK Backing Down on Apple Encryption Backdoor After Pressure From US Slashdot21 Jul
were Microsoft patches under-attack SharePoint 2019 and SE TheRegister21 Jul
compromises MSRT vs. MSERT: Using Microsoft native malware handlers ComputerWorld21 Jul
spread Microsoft patches failed to fix on-prem SharePoint, which is now under zero-day attack TheRegister21 Jul
supply UK uncovers novel Microsoft snooping malware, blames and sanctions GRU cyberspies TheRegister20 Jul
malware Google Spots Tailored Backdoor Malware Aimed At SonicWall Appliances Slashdot18 Jul
attack Attention ! Le malware Konfety sur Android devient quasi indétectable Génération-NT17 Jul
chain MCP server announced for JFrog supply chain management platform InfoWorld17 Jul
packages Hackers Are Finding New Ways to Hide Malware in DNS Records Wired: Tech.17 Jul
backdoor Outdated printer firmware can leave organizations open to attack BetaNews17 Jul
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Date Actuelle
sam. 26 juil. - 03:06 CEST