npm Packages
-
Discovery of Malicious Go Packages Exposes Supply Chain Vulnerabilities
Recent cybersecurity research highlights a critical vulnerability in the Go programming ecosystem with the discovery of 11 malicious packages designed for covert data exfiltration on Windows and Linux systems. The malware exploits the decentralized nature of Go modules, undermining developer confidence.
-
New Supply Chain Malware Operation Targets GlueStack Packages
A new supply chain attack has targeted GlueStack packages, affecting nearly one million downloads and allowing hackers to execute commands and steal information from compromised systems.
-
North Korean Hackers Expand Malicious Software Distribution via npm
North Korean hackers have expanded their distribution of malicious software through the npm ecosystem, targeting developers with newly identified packages that deploy the BeaverTail malware and a remote access trojan. Security experts warn of the persistent threat posed by this group as they adopt sophisticated methods to evade detection.
