Sunday, June 29, 2025

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library

Home
Security Creators Network
Webinars
Events
- Upcoming Events
- On-Demand Events
Sponsored Content
Chat
Library
Related Sites
Media Kit
About
Sponsor

Analytics
AppSec
CISO
Cloud
DevOps
GRC
Identity
Incident Response
IoT / ICS
Threats / Breaches
More
Humor

Security Bloggers Network

Home » Security Bloggers Network » Crypto enthusiasts flood npm with more than 281,000 bogus packages overnight

Crypto enthusiasts flood npm with more than 281,000 bogus packages overnight

by Ax Sharma on August 19, 2024

Crypto enthusiasts flood npm with more than 281,000 bogus packages overnight

Crypto enthusiasts have lately been flooding software registries like npm and PyPI with thousands of bogus packages that add no functional value and instead put a strain on the entire open source ecosystem.

A single instance, recorded by Sonatype in July 2024, saw 281,512 distinct packages appearing on the npmjs.com registry overnight — each package named a gibberish Latin phrase akin to Lorem Ipsum.

Techstrong Gang Youtube

AWS Hub

*** This is a Security Bloggers Network syndicated blog from 2024 Sonatype Blog authored by Ax Sharma. Read the original post at: https://www.sonatype.com/blog/crypto-enthusiasts-flood-npm-with-281000-bogus-packages-overnight

August 19, 2024August 19, 2024 Ax Sharma dependencies, npm, PyPI, Sonatype Lifecycle, Sonatype Repository Firewall

← What You Missed About the CrowdStrike Outage:: The Next Strike Might Be Linux Due to eBPF
Should small businesses worry about the NIS2 Directive in Europe? →

Techstrong TV

Click full-screen to enable volume control

Watch latest episodes and shows

Tech Field Day Events

Upcoming Webinars

Securing Vibe Coding: Addressing the Security Challenges of AI-Generated Code

How to Spot and Stop Security Risks From Unmanaged AI Tools

Podcast

Listen to all of our podcasts

Press Releases

GoPlus's Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

Subscribe to our Newsletters

Most Read on the Boulevard

N. Korean Group BlueNoroff Uses Deepfake Zoom Calls in Crypto Scams

‘IntelBroker’ Hacker Arrested for Wave of High-Profile Data Breaches

LapDogs Campaign Shows Chinese Groups’ Growing Use of ORB Networks

Fortanix Adds Dashboard to Better Prioritize Remediation Efforts for PQC Era

Abstract Security Adds Data Lake to Reduce Storage Costs

Black Hat SEO Poisoning Search Engine Results For AI to Distribute Malware

What Water Utilities Need to Know About HMI Security and AI Solutions

AI vs. AI: How Deepfake Attacks Are Changing Authentication Forever

Cybersecurity Snapshot: U.S. Gov’t Urges Adoption of Memory-Safe Languages and Warns About Iran Cyber Threat

Best SAST Solutions: How to Choose Between the Top 11 Tools in 2025

Industry Spotlight

Application Security Cloud Security Cyberlaw Cybersecurity Data Privacy Data Security DevOps Endpoint Featured Governance, Risk & Compliance Humor Incident Response Industry Spotlight Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threats & Breaches Vulnerabilities

WhatsApp BANNED by House Security Goons — But Why?

June 24, 2025 Richi Jennings | Jun 24 0

Cloud Security Cybersecurity Data Privacy Data Security Featured Identity & Access Industry Spotlight Mobile Security Network Security News Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence

Scattered Spider Targets Aflac, Other Insurance Companies

June 22, 2025 Jeffrey Burt | Jun 22 0

Analytics & Intelligence Blockchain Cyberlaw Cybersecurity Data Privacy Digital Currency Featured Governance, Risk & Compliance Humor Incident Response Industry Spotlight Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence Threats & Breaches

US Pig Butchering Victims ‘Will’ Get Refunds — Feds Seize $225M Cryptocurrency

June 20, 2025 Richi Jennings | Jun 20 0

Top Stories

Cloud Security Cybersecurity Data Privacy Data Security Featured Identity & Access Mobile Security Network Security News Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence Threats & Breaches

NIST’s CURBy Uses Quantum to Verify Randomness of Numbers

June 29, 2025 Jeffrey Burt | 2 hours ago 0

Cloud Security Cybersecurity Data Privacy Data Security Featured Identity & Access Mobile Security Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence Threats & Breaches

‘IntelBroker’ Hacker Arrested for Wave of High-Profile Data Breaches

June 28, 2025 Jeffrey Burt | Yesterday 0

Cybersecurity Featured News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight

Abstract Security Adds Data Lake to Reduce Storage Costs

June 27, 2025 Michael Vizard | 2 days ago 0

Security Humor

Randall Munroe’s XKCD ‘Interoperability’

Randall Munroe’s XKCD ‘Interoperability’

Download Free eBook

The Dangers of Open Source Software and Best Practices for Securing Code

Join the Community

Add your blog to Security Creators Network
Write for Security Boulevard
Bloggers Meetup and Awards
Ask a Question
Email: [email protected]

Useful Links

About
Media Kit
Sponsor Info
Copyright
TOS
DMCA Compliance Statement
Privacy Policy

Related Sites

Techstrong Group
Cloud Native Now
DevOps.com
Digital CxO
Techstrong Research
Techstrong TV
Techstrong.tv Podcast
DevOps Chat
DevOps Dozen
DevOps TV

Powered by Techstrong Group

Copyright © 2025 Techstrong Group Inc. All rights reserved.