malicious code npm
There’s a RAT in my code: new npm malware with Bladabindi trojan spotted
Over the Thanksgiving weekend, Sonatype discovered new malware within the npm registry. This time, the typosquatting packages we identified are laced with a popular Remote Access Trojan (RAT) ...
Trick or treat: that `twilio-npm` package is brandjacking malware in disguise!
As if the increasing attacks on the open source ecosystem and vulnerabilities making headlines weren’t scary enough, this Halloween devs were exposed to another malicious trick. ...
Sonatype finds malicious npm packages which broadcast your IP, username, and device fingerprint info on the web
Sonatype researchers discovered and confirmed the presence of two new vulnerable npm packages. Sonatype’s discovery was initially made by its malicious code detection bots. By applying machine learning and artificial intelligence to ...
Nexus Intelligence Insights: Sonatype-2020-0003 – npm malicious package 1337qq-js
Happy New Year! Nexus Intelligence Insights is back with an open source component vulnerability that turns out to be not so bad after all ...

