all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

It doesn't take an APT to hack devs via a packaging ecosystem

Add to bookmarks
Sept. 30, 2023, 12:51 a.m. | Michael Hall

DEV Community dev.to

Or maybe we should consider APT to include the definition "Adequate persistent threat" as well.


There are people trying to do the thankless job of keeping package registries free of malicious code. Here's a recent blogpost from phylum about a campaign they detected on both npm and pypi


What happens when attackers get stymied by things that are obvious? They either try and outpace detection or they get quieter.


The below is a nearly ready to go way to generate …

apt campaign code definition ecosystem free hack job malicious npm package packaging people persistent persistent threat phylum pypi python security threat

Visit resource

More from dev.to / DEV Community

How to import all AWS profiles from AWS LandingZone an hour ago | dev.to
account accounts aws beginners +12
What is Container Scanning? 3 hours ago | dev.to
adversaries application application development applications +21
We just raised our $17 million Series A 3 hours ago | dev.to
big board capital connect +9
Answer: ImportError: No module named xgboost 4 hours ago | dev.to
check control download environment +7
Zen of debugging: 5 tips for beginners 4 hours ago | dev.to
article beginners best practices career +17
Enhancing security for Lambda function URLs 6 hours ago | dev.to
access access control aws cloudfront +14
Linux Basics: A Clear Guide to Getting Started 7 hours ago | dev.to
basics can clear cloud +14
Exploring the Power of Zero Trust Authentication 7 hours ago | dev.to
authentication beacon chaos cyber +18
10 Best Websites for practicing Data Structures and Algorithms (DSA): 10 hours ago | dev.to
algorithms array cases code +16

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Associate Manager, BPT Infrastructure & Ops (Security Engineer)

@ SC Johnson | PHL - Makati
View on infosec-jobs.com

Cybersecurity Analyst - Project Bound

@ NextEra Energy | Jupiter, FL, US, 33478
View on infosec-jobs.com

Lead Cyber Security Operations Center (SOC) Analyst

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com

Junior Information Security Coordinator (Internship)

@ Garrison Technology | London, Waterloo, England, United Kingdom
View on infosec-jobs.com

Sr. Security Engineer

@ ScienceLogic | Reston, VA
View on infosec-jobs.com
View more jobs