“Command-Jacking”: New Supply Chain Attack Hijacks CLI Tools
In a report by Yehuda Gelb and Elad Rapoport from the Checkmarx Security Research Team, a new supply chain attack technique has been uncovered that could compromise the integrity of...
Recently, the Phylum team’s automated risk detection platform uncovered a suspicious publication on npm, a popular package manager for JavaScript. This discovery shed light on a complex attack orchestrated through...
In the rapidly evolving digital landscape, software development has become a battleground, with npm (Node Package Manager) sitting at the heart of numerous security challenges. As the default package manager...
According to the npm bug report on GitHub, npm user Crunkle noted that npm 5.7.0 completely corrupted his file system permissions, making it necessary for him to manually patch permissions...