all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

NPM ecosystem at risk from “Manifest Confusion” attacks

Add to bookmarks
June 28, 2023, 2:28 p.m. | Bill Toulas

BleepingComputer www.bleepingcomputer.com

The NPM (Node Package Manager) registry suffers from a security lapse called "manifest confusion," which undermines the trustworthiness of packages and makes it possible for attackers to hide malware in dependencies or perform malicious script execution during installation. [...]

attackers attacks called dependencies ecosystem hide installation lapse malicious malware manager manifest node node package manager npm package package manager packages registry risk script security trustworthiness

Visit resource

More from www.bleepingcomputer.com / BleepingComputer

French hospital CHC-SV refuses to pay LockBit extortion demand 58 minutes ago | www.bleepingcomputer.com
demand extortion france french +12
CISA says GitLab account takeover bug is actively exploited in attacks an hour ago | www.bleepingcomputer.com
account accounts account takeover actively exploited +14
Microsoft: April Windows Server updates cause NTLM auth failures 2 hours ago | www.bleepingcomputer.com
april auth authentication customer +13
Microsoft says April Windows updates break VPN connections 3 hours ago | www.bleepingcomputer.com
april connections microsoft security +11
Qantas app exposed sensitive traveler details to random users 4 hours ago | www.bleepingcomputer.com
airways app customers exposed +7
New Cuttlefish malware infects routers to monitor traffic for credentials 4 hours ago | www.bleepingcomputer.com
authentication credentials data enterprise +11
New Latrodectus malware attacks use Microsoft, Cloudflare themes 19 hours ago | www.bleepingcomputer.com
attacks azure campaigns cloudflare +17
Philadelphia Inquirer: Data of over 25,000 people stolen in 2023 breach 21 hours ago | www.bleepingcomputer.com
attackers breach daily data +11
R language flaw allows code execution via RDS/RDX files 22 hours ago | www.bleepingcomputer.com
arbitrary code arbitrary code execution code code execution +10

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

EY- GDS- Cybersecurity- Staff

@ EY | Miguel Hidalgo, MX, 11520
View on infosec-jobs.com

Staff Security Operations Engineer

@ Workiva | Ames
View on infosec-jobs.com

Public Relations Senior Account Executive (B2B Tech/Cybersecurity/Enterprise)

@ Highwire Public Relations | Los Angeles, CA
View on infosec-jobs.com

Airbus Canada - Responsable Cyber sécurité produit / Product Cyber Security Responsible

@ Airbus | Mirabel
View on infosec-jobs.com

Investigations (OSINT) Manager

@ Logically | India
View on infosec-jobs.com

Security Engineer I, Offensive Security Penetration Testing

@ Amazon.com | US, NY, Virtual Location - New York
View on infosec-jobs.com
View more jobs