Artificial intelligencefromTheregister2 weeks agoAI code suggestions sabotage software supply chainLLM-powered code generation tools are reshaping software development but may introduce significant risks to the software supply chain.
fromInfoWorld2 months agoJavaScriptMalicious package found in the Go ecosystemA backdoored typosquat package was found in the Go ecosystem, highlighting dangers in package integrity.The vulnerability lasted over three years with extensive dependencies affected.
Artificial intelligencefromTheregister2 weeks agoAI code suggestions sabotage software supply chainLLM-powered code generation tools are reshaping software development but may introduce significant risks to the software supply chain.
fromInfoWorld2 months agoJavaScriptMalicious package found in the Go ecosystemA backdoored typosquat package was found in the Go ecosystem, highlighting dangers in package integrity.The vulnerability lasted over three years with extensive dependencies affected.
Growth hackingfromDevOps.com1 month agoBad Actor Targets Linux, macOS Developers with Typosquatted Go Packages - DevOps.comA new typosquatting campaign targets Go developers, spreading malware through malicious packages that impersonate legitimate libraries.
JavaScriptfromThe Hacker News4 months agoThousands Download Malicious npm Libraries Impersonating Legitimate ToolsMalicious typosquats of legitimate npm packages have been discovered, posing significant risks to developers.
JavaScriptfromTechzine Global5 months agoHackers abuse NPM code registries via Ethereum networkNPM registries are under attack from malicious packages leveraging typosquatting, targeting developers' systems.287 malicious packages discovered affect prominent libraries.Hackers utilize Ethereum smart contracts to obscure their true origins.
fromSecuritymagazine8 months agoInformation securityNew research: Malicious actors are imitating tech companiesMalicious actors are increasingly using typosquatting to impersonate tech companies and compromise corporate systems.
fromDevOps.com2 months agoJavaScriptTyposquat Supply Chain Attack Targets Go Developers - DevOps.comA Go database module backdoor highlights risks posed by typosquatting and supply chain vulnerabilities.
fromSecuritymagazine5 months agoInformation securityMalicious Python Package Index steals Amazon Web Services credentialsA malicious Python package called 'fabrice' has exfiltrated AWS credentials, highlighting the risks of typosquatting in the developer community.
Growth hackingfromDevOps.com1 month agoBad Actor Targets Linux, macOS Developers with Typosquatted Go Packages - DevOps.comA new typosquatting campaign targets Go developers, spreading malware through malicious packages that impersonate legitimate libraries.
JavaScriptfromThe Hacker News4 months agoThousands Download Malicious npm Libraries Impersonating Legitimate ToolsMalicious typosquats of legitimate npm packages have been discovered, posing significant risks to developers.
JavaScriptfromTechzine Global5 months agoHackers abuse NPM code registries via Ethereum networkNPM registries are under attack from malicious packages leveraging typosquatting, targeting developers' systems.287 malicious packages discovered affect prominent libraries.Hackers utilize Ethereum smart contracts to obscure their true origins.
fromSecuritymagazine8 months agoInformation securityNew research: Malicious actors are imitating tech companiesMalicious actors are increasingly using typosquatting to impersonate tech companies and compromise corporate systems.
fromDevOps.com2 months agoJavaScriptTyposquat Supply Chain Attack Targets Go Developers - DevOps.comA Go database module backdoor highlights risks posed by typosquatting and supply chain vulnerabilities.
fromSecuritymagazine5 months agoInformation securityMalicious Python Package Index steals Amazon Web Services credentialsA malicious Python package called 'fabrice' has exfiltrated AWS credentials, highlighting the risks of typosquatting in the developer community.
MiscellaneousfromFast Company5 months agoScammers are making thousands of dollars through blockchain typosquattingTyposquatting scams in crypto are exploiting small typing errors, resulting in significant financial losses for unsuspecting senders.
JavaScriptfromTheregister5 months agoTyposquat campaign impersonates 287+ popular npm packagesA typosquatting campaign targets developers by distributing malicious npm packages disguised as popular libraries, complicating detection through new blockchain-based command control.