Sam Stepanyan :verified: 🐘<p><a href="https://infosec.exchange/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NPM</span></a>: Two malicious packages were discovered on npm (<a href="https://infosec.exchange/tags/NodeJS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NodeJS</span></a> package manager) that covertly patch legitimate, locally installed packages to inject a persistent reverse shell backdoor:<br><a href="https://infosec.exchange/tags/SoftwareSupplyChainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SoftwareSupplyChainSecurity</span></a><br>👇<br><a href="https://www.bleepingcomputer.com/news/security/new-npm-attack-poisons-local-packages-with-backdoors/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/new-npm-attack-poisons-local-packages-with-backdoors/</span></a></p>
lepoulsdumonde.com is one of the many independent Mastodon servers you can use to participate in the fediverse.
Small french Mastodon instance for friends, family and useful bots
Administered by:
Server stats:
52active users
lepoulsdumonde.com: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.0-alpha.4
#SoftwareSupplyChainSecurity
3 posts · 2 participants · 0 posts today
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
LoginDrag & drop to upload