2407 matches found
MAL-2023-717 Malicious code in qb2-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ccaba51ce2f483353a479caa2c736c3ae023bf6b83eace0030e7e1853d3605bc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-995 Malicious code in yandex-yt-yson-bindings (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ef8f5064d17e16f308f05ff124d515f803d1acfdc65fa58b4c26a8ac52041b2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-917 Malicious code in uitk-build-tasks (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 110ea806ffdaa3d8ec8d3a6982b9fc4a07d6613b3b02f7ae5a7f35928095db0b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @balea-telefonica/ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 563059871426877f31b5ba1bd33fda80482ee48032d184d83e400daf25d54b99 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Google Created 'Open Source Maintenance Crew' to Help Secure Critical Projects
Google on Thursday announced the creation of a new "Open Source Maintenance Crew" to focus on bolstering the security of critical open source projects. Additionally, the tech giant pointed out Open Source Insights as a tool for analyzing packages and their dependency graphs, using it to determine...
A scanning tool for open-sourced software packages? Yes, please!
The Open Source Security Foundation OpenSSF, a collective of industry leaders aimed at improving the security of open-source software OSS, recently announced the release of a prototype tool that scans for malicious packages in open source repositories. This tool, conveniently called Package...
Here's a New Tool That Scans Open-Source Repositories for Malicious Packages
The Open Source Security Foundation OpenSSF has announced the initial prototype release of a new tool that's capable of carrying out dynamic analysis of all packages uploaded to popular open source repositories. Called the Package Analysis project, the initiative aims to secure open-source packag...