all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

This Week in Malware— Cryptominers Flood npm, PyPI, and More Dependency Confusion

Add to bookmarks
Aug. 19, 2022, 1:41 p.m. | hernano@sonatype.com (Hernán Ortiz)

Sonatype Blog blog.sonatype.com




This Week in Malware we are disclosing upwards of 240 PyPI and npm packages, the majority of which are typosquats dropping malicious cryptominers, along with some dependency confusion PoCs.


cryptominers dependency dependency confusion devzone flood malware malware prevention npm pypi this week in malware vulnerabilities

Visit resource

More from blog.sonatype.com / Sonatype Blog

I have an SBOM, now what? 3 days, 12 hours ago | blog.sonatype.com
food food industry industry origins +11
PyPI crypto-stealer targets Windows users, revives malware campaign 3 days, 21 hours ago | blog.sonatype.com
campaign code crypto discovery +22
Zero-day vulnerabilities: A beginner's guide 1 week, 3 days ago | blog.sonatype.com
article beginner guide log4shell +8
The new Sonatype Learn: Self-service educational materials where and when you need them 2 weeks, 2 days ago | blog.sonatype.com
courses devops educational industry +15
The new Sonatype Learn: Self-service educational materials where and when you need them 2 weeks, 2 days ago | blog.sonatype.com
courses devops educational industry +15
Enhance security with Sonatype Lifecycle and ServiceNow Application Vulnerability Response (AVR) integration 2 weeks, 2 days ago | blog.sonatype.com
application application vulnerability integration integrations +14
Enhance security with Sonatype Lifecycle and ServiceNow Application Vulnerability Response (AVR) integration 2 weeks, 2 days ago | blog.sonatype.com
application application vulnerability integration integrations +14
Sonatype Lifecycle best practices: InnerSource 2 weeks, 3 days ago | blog.sonatype.com
best practices code code quality collaboration +9
Take control of your InnerSource components with InnerSource Insight 2 weeks, 4 days ago | blog.sonatype.com
components control developers easier +11

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)
View on infosec-jobs.com