News

The Hacker News1h

Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes

Attackers used 11 Go and 2 npm packages to spread malware across platforms, putting open-source developers at risk.
The Hacker News9d

Toptal GitHub Breach Exposes 73 Repositories and Injects Malware into 10 npm Packages

In what's the latest instance of a software supply chain attack, unknown threat actors managed to compromise Toptal's GitHub ...

Hackers breach Toptal GitHub account, publish malicious npm packages

Hackers compromised Toptal's GitHub organization account and used their access to publish ten malicious packages on the Node ...

Supply-chain attacks on open source software are getting out of hand

It has been a busy week for supply-chain attacks targeting open source software available in public repositories, with ...
Visual Studio Magazine7y

Analysis of GitHub C# Code Reveals Most Popular NuGet Packages, Tabs vs ...

A larger BigQuery analysis of even more GitHub code (way beyond just C#, to the tune of 1 billion files) also showed a developer preference for spaces. Json.NET is the clear winner in the most-popular ...
Threat Post3y

Malicious PyPI Code Packages Rack Up Thousands of Downloads

Three malicious packages hosted in the Python Package Index (PyPI) code repository have been uncovered, which collectively have more than 12,000 downloads – and presumably slithered into ...