2 matches found
Malicious code in paypal-payouts-bridge (npm)
Malicious npm package published by the microsop threat actor as part of a dependency-confusion campaign that impersonates internal tooling at Microsoft, Google Cloud, and PayPal using inflated semver values e.g. 99.9.x, 100.1.x to win npm resolution against private internal packages. All packages...
Magecart Group Switches Up Tactics with MiTM, Phishing
A fresh splinter group under the Magecart umbrella has been discovered ramping up activity starting in August-September of 2019. It’s using a unique codebase and different tactics to carry out its attacks, according to researchers. Magecart is an umbrella term encompassing several different threa...