all InfoSec news
Malicious npm and PyPi Packages Exfiltrate SSH Keys From Server
Cyber Security News cybersecuritynews.com
JavaScript and Python both have their own package repositories called npm (Node Package Manager) and PyPi (Python Package Index), respectively. They act as key centers for publishing and exchanging reusable code libraries and packages by developers. Sonatype Security Research tracks the npm registry campaign extracting Kubernetes configs and SSH keys via npm packages. Their automated […]
The post Malicious npm and PyPi Packages Exfiltrate SSH Keys From Server appeared first on Cyber Security News.
act called campaign centers code developers javascript key keys kubernetes malicious malicious npm manager node node package manager npm npm and pypi own package package manager packages publishing pypi pypi packages python python package python package index registry repositories research security security research server sonatype ssh ssh keys