$: DevZone |

‘Bloat free’ Data Exfiltration Technique

Malicious ‘rustdecimal’ Crate Found in Rust Repository

Ongoing Campaign Targets ‘colors’ Library

Apache Kafka Project Clone Leverages Dependency Confusion

PyPI Package ‘ctx’ and PHP Library ‘phpass’ Compromised to Steal Environment Variables

New ‘pymafka’ Malicious Package Drops Cobalt Strike on macOS, Windows, Linux

VMware VSphere Dependency Confusion Attempt Caught by Sonatype

500+ Malicious npm Packages Caught by Sonatype

PyPI Takes Down Malicious ‘Distutil’ Package Imitating ‘distutils'

Rise in ‘Protestware’ During Russia-Ukraine Crisis

Careful Out There: Open Source Attacks Continue To Be On the Uptick

New ‘colors-2.0’, ‘colors-3.0’ Packages Are Malicious

A Cryptic ‘Reverse Shell’ Found Lurking in PyPI Packages

86 Malicious npm Packages Named After Popular NodeJS Functions

Malicious PyPi Packages Steal Your Roblox Security Cookies and Discord Tokens

PyPI, NuGet, and npm Flooded With Roblox and Fortnite Spam

Trojanized PyPI Package Imitates a Popular Python Server Library

jQuery npm Typosquat Has a Fishy Surprise

Massively Popular "Colors" and "Faker" npm Libraries Sabotaged

PyPI Flooded With More Than 1,200 Dependency Confusion Packages

Crypto App Faces $5 Million Ransom Demand Following Log4j Hack

Log4j Zero-day Sets the Internet on Fire With 'Log4Shell' Attacks

Malicious PyPI Packages With 10,000 Downloads Taken Down

Popular Library "coa" Gets Hijacked in an Identical Style as "ua-parser-js"

Hours After "coa" Hijack Is Discovered, "rc" Is Hijacked, Too

Newly Found npm Malware Mines Cryptocurrency on Multiple Devices

Popular "ua-parser-js" Library Attacked

Fake npm Roblox API Package Installs Ransomware and has a Spooky Surprise

Cryptocurrency Heist Stemmed from a Malicious GitHub Commit

Kaseya

Microsoft’s WinGet Flooded With Duplicate, Malformed Apps

Codecov

Namespace Confusion

SolarWinds

“CursedGrabber” Malware Discovered

Counterfeit Components Discovered in the npm Ecosystem

New npm Malware With Bladabindi Trojan Spotted

Brandjacking Malware Found in npm

Multiple npm Packages Vulnerable to Typosquatting Attacks

Octopus Scanner

Hundreds of Malware Gems found on RubyGems

Microsoft Spots Malicious JavaScript Package

Trojanized Python Libraries Removed

Computers Running Malicious npm Package Considered “Fully Compromised”

Prototype Pollution Vulnerability Continues to Cause Problems

Gem Packages Pulled From Repo

Compromised Version of rest-client Maintainer Stole credentials, Installed Crypto Miners

Malicious Package Removed From npm Repository

Malicious Python Libraries Removed From PyPI

RubyGems Component Found to Contain Malicious Code

Cryptocurrency Attack on npm via Malicious Code Injection

23 Malicious RubyGems Packages Discovered

Backdoored RubyGems Package Allows Remote Code Execution

Malicious Package Injected Into Popular npm Package

Compromised JavaScript Package Caught Stealing npm Credentials

Homebrew Repository Compromised

Linux Distro Hacked on GitHub

Backdoored npm Package Discovered

Backdoored PyPI Package Discovered

Deleted GitHub Account Resurrected by Unknown User

npm Credentials Intentionally Compromised

“I’m harvesting credit card numbers and passwords from your site. Here’s how.”

PyPI Typosquat

Typosquatting Attack on npm

npm Credentials Published Online

17 Backdoored Images Created on Docker Hub