Researchers Hijack Popular NPM Package with Millions of Downloads
Feb. 16, 2023, 6:30 p.m. | info@thehackernews.com (The Hacker News)
The Hacker News thehackernews.com
"The package can be taken over by recovering an expired domain name for one of its maintainers and resetting the password," software supply chain security company Illustria said in a report.
While npm's security protections limit users to have only one active email address