Exploit creator selling 250+ reserved npm packages on Telegram | allinfosecnews.com

June 26, 2024, 2:20 p.m. | axsharma@sonatype.com (Ax Sharma)

Sonatype Blog blog.sonatype.com

Recently, the Sonatype Security Research team identified more than 250 npm packages which are lucrative and convincing exploits, because these are named exactly like the open source projects coming from Amazon Web Services (AWS), Microsoft, React, CKEditor, among other popular names.

amazon amazon web services aws coming exploit exploits malware analysis microsoft names npm open source packages popular projects react research security security research selling services sonatype sonatype repository firewall team telegram vulnerabilities web web services

More from blog.sonatype.com / Sonatype Blog

Software composition analysis (SCA): A beginner's guide 4 days, 19 hours ago | blog.sonatype.com

accelerate analysis applications beginner +18

Polyfill.io supply chain attack hits 100,000+ websites — all you need to know 5 days, 16 hours ago | blog.sonatype.com

attack cdn compromised javascript +10

Exploit creator selling 250+ reserved npm packages on Telegram 5 days, 16 hours ago | blog.sonatype.com

amazon amazon web services aws coming +23

Maven Central and the tragedy of the commons 5 days, 19 hours ago | blog.sonatype.com

central commons community concept +9

DORA ICT risk management framework: What to know 1 week ago | blog.sonatype.com

act analysis basic compliance +25

Start building your CRA compliance strategy now 1 week, 6 days ago | blog.sonatype.com

act building compliance cra +22

NIS2 readiness: Ensure compliance with the EU Cybersecurity Directive 2 weeks, 4 days ago | blog.sonatype.com

community compliance cybersecurity cybersecurity directive +14

'cors-parser' npm package hides cross-platform backdoor in PNG files 2 weeks, 6 days ago | blog.sonatype.com

backdoor cors cross-origin download +21

Uncovering the invisible threat: Why your network may still be at risk 3 weeks ago | blog.sonatype.com

components developers exposed malicious +9

Security Program Manager

@ PwC | Dublin - One Spencer Dock

View on infosec-jobs.com

Risk Services, Digital Audit - Associate / Senior Associate

@ PwC | Singapore - Marina One

View on infosec-jobs.com

Risk Services, Digital Audit - Manager

@ PwC | Singapore - Marina One

View on infosec-jobs.com

Director, Performance Marketing & Revenue Analytics

@ Proofpoint | Sunnyvale, CA

View on infosec-jobs.com

Regulated Data Program Manager - University Information Services – Georgetown University

@ Georgetown University | 2115 Wisconsin Ave 3rd Floor

View on infosec-jobs.com

Security Monitoring and Response Analyst II - (SOC)

@ Mastercard | Pune, India

View on infosec-jobs.com