Security researchers have uncovered a new supply chain attack targeting the NPM registry with malicious code that exhibits worm-like propagation capabilities. Named Sandworm_Mode, the attack was deployed through 19 packages published under two aliases, which relied on typosquatting to trick developers into executing the malicious code. According to cybersecurity firm Socket, the attack bears the hallmarks of the Shai-Hulud campaign that hit roughly 800 NPM packages in September and November 2
Cyber researchers have uncovered a large-scale software supply chain attack on GitHub dubbed “GhostAction”, which has exposed more than 3,300 secrets, including PyPI, npm, DockerHub, GitHub tokens, Cloudflare API keys, AWS access keys, and database credentials so far.
The campaign came to light after suspicious activity was detected in the FastUUID project on September 2. Attackers had compromised maintainer accounts and injected a malicious GitHub Actions workflow designed to trigger on code
Cybersecurity researchers have discovered new malicious packages on the npm package registry that are designed to exfiltrate sensitive developer information. The npm registry is a public database of JavaScript packages that developers use to contribute packages to the community or download packages for their own projects. The default npm public registry is found at https://registry.npmjs.org. npm is configured to use this registry by default, but it can be configured to use any compatible regi
As recently exposed by cyber threat investigators, software supply chain attacks have gained popularity with cybercriminals. Once exclusively used by cyberespionage threat actors, these attacks have become attractive for average cyber criminals, who see this threat as a way to compromise hundreds or thousands of computers with one operation. This explains why the software supply chain attack threat more than tripled in 2021 when compared to 2020, researchers report.[1]
A software supply chain a