Ongoing typosquatting campaign impersonates hundreds of popular npm packages
Phylum noted that some unknown miscreant was using typosquat packages masquerading as Puppeteer, Bignum.js and various cryptocurrency libraries – 287 packages in total – to trick developers into ...
Developer Tech10d
NPM supply chain attack uses Ethereum blockchain
Checkmarx researchers have detected a unique supply chain attack within the NPM ecosystem that uses the Ethereum blockchain.
The Hacker News21d
Researchers Discover Command Injection Flaw in Wi-Fi Alliance's Test Suite
"This flaw allows an unauthenticated local attacker to exploit the Wi-Fi Test Suite by sending specially crafted packets, enabling the execution of arbitrary commands with root privileges on the ...
GitHub22d
OS Command Injection in Snyk php plugin
This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack Vector: This metric reflects the context by which vulnerability ...
The Hacker News24d
Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor
The latest and the most complete package in the list is ethers-mew. This is not the first time rogue packages with similar functionality have been discovered in the npm registry. In August 2023, ...