thehackernews.com

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware (opens in new tab)

Covers Malicious Postinstall Hook Found Across 700+ GitHub Repositories, Including Packagist and Node.js ProjectsCovered by kite.kagi.com

A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. "Although the affected packages were all Composer packages, the malicious code was not added to composer.json," Socket said. "Instead, it was inserted into package.json, targeting projects that ship JavaScript

Read the original article
Sign in to keep reading the full article.
Sign UpLog In

Covered in 2 articles

In other languages

kite.kagi.com·

공격자들이 자격 증명을 탈취하기 위해 Laravel Lang 패키지를 하이재킹함

Feeds
kite.kagi.com·

공격자들이 자격 증명 탈취기로 PHP 패키지를 오염시키다

Feeds

Keyboard Shortcuts

Navigation

Next / previous post
j/k
Open post
oorEnter
Preview post
v

Post Actions

Love post
a
Like post
l
Dislike post
d
Undo reaction
u
Save / unsave
s

Recommendations

Add interest / feed
Enter
Not interested
x

Go to

Home
gh
Interests
gi
Feeds
gf
Likes
gl
History
gy
Changelog
gc
Settings
gs
Discover
gb
Search
/

General

Show this help
?
Submit feedback
!
Close modal / unfocus
Esc

Press ? anytime to show this help