NPM ecosystem at risk from “Manifest Confusion” attacks | allinfosecnews.com

June 28, 2023, 2:28 p.m. | Bill Toulas

BleepingComputer www.bleepingcomputer.com

The NPM (Node Package Manager) registry suffers from a security lapse called "manifest confusion," which undermines the trustworthiness of packages and makes it possible for attackers to hide malware in dependencies or perform malicious script execution during installation. [...]

attackers attacks called dependencies ecosystem hide installation lapse malicious malware manager manifest node node package manager npm package package manager packages registry risk script security trustworthiness

More from www.bleepingcomputer.com / BleepingComputer

Kaspersky releases free tool that scans Linux for known threats 20 hours ago | www.bleepingcomputer.com

free free tool kaspersky linux +13

Google Chrome change that weakens ad blockers begins June 3rd 21 hours ago | www.bleepingcomputer.com

ad blockers change chrome extensions +6

Live Nation finally confirms massive Ticketmaster data breach 1 day, 14 hours ago | www.bleepingcomputer.com

breach cloud cloud database data +12

Ticketmaster confirms massive breach after stolen data for sale online 1 day, 14 hours ago | www.bleepingcomputer.com

breach cloud cloud database data +13

DMM Bitcoin warns that hackers stole $300 million in Bitcoin 1 day, 15 hours ago | www.bleepingcomputer.com

bitcoin btc cryptocurrency cryptocurrency heist +10

CISA warns of actively exploited Linux privilege elevation flaw 1 day, 16 hours ago | www.bleepingcomputer.com

actively exploited agency amp catalog +16

Snowflake account hacks linked to Santander, Ticketmaster breaches 1 day, 18 hours ago | www.bleepingcomputer.com

account accounts actor breaches +16

Europol identifies 8 cybercriminals tied to malware loader botnets 1 day, 19 hours ago | www.bleepingcomputer.com

botnets cybercriminals droppers eight +13

ShinyHunters claims Santander breach, selling data for 30M customers 1 day, 20 hours ago | www.bleepingcomputer.com

account actor bank breach +13

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia

View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)

View on infosec-jobs.com