Package

Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials

Jul 27, 2024 by iHash Leave a Comment

Jul 27, 2024NewsroomCybersecurity / Cloud Security Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that targets Apple macOS systems with the goal of stealing users' Google Cloud credentials from a narrow pool of victims. The package, named "lr-utils-lib," attracted a total of 59 downloads before it was taken down. It … [Read more...] about Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials

Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users

Jun 3, 2024 by iHash Leave a Comment

Jun 03, 2024NewsroomSoftware Security / Supply Chain Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that's designed to drop a remote access trojan (RAT) on compromised systems. The package in question is glup-debugger-log, which targets users of the gulp toolkit by masquerading as a "logger for gulp and gulp plugins." It … [Read more...] about Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users

User Sign-Ups and Package Uploads Temporarily Halted

May 21, 2023 by iHash Leave a Comment

May 21, 2023Ravie LakshmananSoftware Security / Malware The maintainers of Python Package Index (PyPI), the official third-party software repository for the Python programming language, have temporarily disabled the ability for users to sign up and upload new packages until further notice. "The volume of malicious users and malicious projects being created on the index in the … [Read more...] about User Sign-Ups and Package Uploads Temporarily Halted

Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion

Mar 17, 2022 by iHash Leave a Comment

In what's yet another act of sabotage, the developer behind the popular "node-ipc" NPM package shipped a new version to protest Russia's invasion of Ukraine, raising concerns about security in the open-source and the software supply chain. Affecting versions 10.1.1 and 10.1.2 of the library, the changes introduced undesirable behavior by its maintainer RIAEvangelist, targeting … [Read more...] about Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion

Multiple Security Flaws Discovered in Popular Software Package Managers

Mar 11, 2022 by iHash Leave a Comment

Multiple security vulnerabilities have been disclosed in popular package managers that, if potentially exploited, could be abused to run arbitrary code and access sensitive information, including source code and access tokens, from compromised machines. It's, however, worth noting that the flaws require the targeted developers to handle a malicious package in conjunction with … [Read more...] about Multiple Security Flaws Discovered in Popular Software Package Managers

Popular NPM Package Hijacked to Publish Crypto-mining Malware

Oct 24, 2021 by iHash Leave a Comment

The U.S. Cybersecurity and Infrastructure Security Agency on Friday warned of crypto-mining and password-stealing malware embedded in "UAParser.js," a popular JavaScript NPM library with over 6 million weekly downloads, days after the NPM repository moved to get rid of three rogue packages that were found to mimic the same library. The supply-chain attack targeting the … [Read more...] about Popular NPM Package Hijacked to Publish Crypto-mining Malware

Malicious NPM Package Caught Stealing Users’ Saved Passwords From Browsers

Jul 21, 2021 by iHash Leave a Comment

A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser. The package in question, named "nodejs_net_server" and downloaded over 1,283 times since February 2019, was last updated seven months ago (version 1.1.2), with its corresponding repository leading … [Read more...] about Malicious NPM Package Caught Stealing Users’ Saved Passwords From Browsers

Critical RCE Bug Found in Homebrew Package Manager for macOS and Linux

Apr 24, 2021 by iHash Leave a Comment

A recently identified security vulnerability in the official Homebrew Cask repository could have been exploited by an attacker to execute arbitrary code on users' machines that have Homebrew installed. The issue, which was reported to the maintainers on April 18 by a Japanese security researcher named RyotaK, stemmed from the way code changes in its GitHub repository were … [Read more...] about Critical RCE Bug Found in Homebrew Package Manager for macOS and Linux

JBL Flip 6 Portable Bluetooth Speaker (Open Box) for $74

Navee V25 300W Foldable e-Scooter for $299

Smart Tracker Includes Key Ring – Works with Apple Find My App (2-Pack) for $34

Harmony Premium Plan Lifetime Subscription for $99

Lenovo 11.6" 100e Chromebook 2nd Gen (2019) MediaTek MT8173C 4GB RAM 16GB eMMC (Refurbished) for $54