It doesn't take an APT to hack devs via a packaging ecosystem
DEV Community dev.to
Or maybe we should consider APT to include the definition "Adequate persistent threat" as well.
There are people trying to do the thankless job of keeping package registries free of malicious code. Here's a recent blog post from Phylum about a campaign they detected on both npm and PyPI.
What happens when attackers get stymied by things that are obvious? They either try and outpace detection or they get quieter.
The below is a nearly ready to go way to generate …