New Typosquatting Attack on npm Package ‘colors’ Using Cross-language Technique Explained
The WhiteSource security team blocked a malicious npm package that uses a novel approach to disguise and execution.
WhiteSource’s Diffend identified, blocked, and reported two malicious packages that may indicate a new takeover method that targets packages of a well-known origin.
From the factory floor to online shopping, the benefits of automation are clear: Larger quantities of products and services can be produced much faster. But automation can also be used for malicious purposes, as illustrated by the ongoing software supply chain attack targeting the NPM package repository. By automating the process of creating and publishing...