all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Random pull request on public JS project repos using NPM

Add to bookmarks
Jan. 1, 2023, 8:19 a.m. | /u/bitingstack

cybersecurity www.reddit.com

This GitHub user is poking around on public repos, seems like trying to find exploits using automated GitHub workflows.

He's opening and closing pull requests (like [this one](https://github.com/deliveroo/merge-pr-to-branch/pull/38)) on projects using NPM, with "test" file changes on \`.gitignore\` and \`package.json\`.

[One PR](https://github.com/npm/statusboard/pull/616/files) seem to have a shell access preinstall script? [screenshot](https://imgur.com/4VV9aKG)

Is this malicious? If it is anybody knows which CVE is this?

automated cve cybersecurity exploits find github malicious npm project public random repos request workflows

Visit resource

More from www.reddit.com / cybersecurity

What are your go-to cybersecurity frameworks and why? 4 hours ago | www.reddit.com
can context cybersecurity cybersecurity frameworks +14
Password security 9 hours ago | www.reddit.com
characters cybersecurity information nothing +7
No, LLM Agents can not Autonomously Exploit One-day Vulnerabilities. 9 hours ago | www.reddit.com
agents can cybersecurity exploit +2
Microsoft: APT28 hackers exploit Windows flaw reported by NSA 13 hours ago | www.reddit.com
apt28 cybersecurity exploit flaw +5
Vulnerability Summary for the Week of April 15, 2024 | CISA 13 hours ago | www.reddit.com
april cisa cybersecurity vulnerability +1
SOC monitoring - Technical Guidance 13 hours ago | www.reddit.com
agents best practices building cybersecurity +17
Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware 15 hours ago | www.reddit.com
alto and response cybersecurity definition +13
GitHub comments abused to push malware via Microsoft repo URLs 17 hours ago | www.reddit.com
comments cybersecurity github malware +3
Is Microsoft a national security risk? 18 hours ago | www.reddit.com
competition cybersecurity giant government +9

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Werkstudent (w/m/d) - Cyber Security

@ IONOS | Karlsruhe, Germany
View on infosec-jobs.com

Security Operations Manager

@ BambooHR | Utah | Hybrid
View on infosec-jobs.com

Senior Risk and Compliance Analyst

@ Cricket.com | Hyderabad
View on infosec-jobs.com

Cyber Security Architect

@ Lilium | Munich
View on infosec-jobs.com

Senior Security Analyst

@ BETSOL | Bengaluru, India
View on infosec-jobs.com
View more jobs