all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Malicious npm and PyPi Packages Exfiltrate SSH Keys From Server

Add to bookmarks
Oct. 2, 2023, 9:06 a.m. | Tushar Subhra Dutta

Cyber Security News cybersecuritynews.com

JavaScript and Python both have their own package repositories called npm (Node Package Manager) and PyPi (Python Package Index), respectively. They act as key centers for publishing and exchanging reusable code libraries and packages by developers. Sonatype Security Research tracks the npm registry campaign extracting Kubernetes configs and SSH keys via npm packages. Their automated […]


The post Malicious npm and PyPi Packages Exfiltrate SSH Keys From Server appeared first on Cyber Security News.

act called campaign centers code developers javascript key keys kubernetes malicious malicious npm manager node node package manager npm npm and pypi own package package manager packages publishing pypi pypi packages python python package python package index registry repositories research security security research server sonatype ssh ssh keys

Visit resource

More from cybersecuritynews.com / Cyber Security News

Hackers Infiltrated 9-days Within UnitedHealth Network Before Ransomware Attack 19 hours ago | cybersecuritynews.com
alphv attack blackcat breach +21
Malware Cuckoo – Previously Unknown Infosteler Spyware Steals Data From MacOS 19 hours ago | cybersecuritynews.com
april bird code cuckoo +16
Postman API Testing Platform Flaw Exposes Sensitive Credentials 22 hours ago | cybersecuritynews.com
api api testing credentials cyber security +19
Millions of Docker Hub Repositories Found Pushing Malware for Over 5 Years 23 hours ago | cybersecuritynews.com
access applications cyber security developers +19
Investigating Two TeamCity Authentication Bypass Vulnerabilities 1 day, 11 hours ago | cybersecuritynews.com
access account account takeovers array +29
Threat Actors Claiming of 0-Day Vulnerability in Zyxel VPN Device 1 day, 13 hours ago | cybersecuritynews.com
0-day vulnerability access attackers claim +18
Muddling Meerkat Using DNS As A Powerful Weapon For Sophistication 1 day, 14 hours ago | cybersecuritynews.com
actor attacks china chinese +32
Pathfinder – New Attack Steals Sensitive Data From Modern Processors 1 day, 15 hours ago | cybersecuritynews.com
analysts attack attacks building +25
Beware of New Android Trojan That Executes Malicious Commands on Your Phone 1 day, 15 hours ago | cybersecuritynews.com
android android malware android trojan backdoor +14

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Security Engineer II- Full stack Java with React

@ JPMorgan Chase & Co. | Hyderabad, Telangana, India
View on infosec-jobs.com

Cybersecurity SecOps

@ GFT Technologies | Mexico City, MX, 11850
View on infosec-jobs.com

Senior Information Security Advisor

@ Sun Life | Sun Life Toronto One York
View on infosec-jobs.com

Contract Special Security Officer (CSSO) - Top Secret Clearance

@ SpaceX | Hawthorne, CA
View on infosec-jobs.com

Early Career Cyber Security Operations Center (SOC) Analyst

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com
View more jobs