Lucene search
K

10 matches found

The Hacker News
The Hacker News
added 2023/11/17 9:56 a.m.58 views

27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts

An unknown threat actor has been observed publishing typosquat packages to the Python Package Index PyPI repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain. The 27 package...

7.6AI score
Exploits0
HackRead
HackRead
added 2023/11/16 9:3 p.m.14 views

New Protestware Uses npm Packages to Call for Peace in Gaza and Ukraine

By Waqas Apart from displaying these messages, the packages performed no other actions. This indicates that these aren't malicious per se. This is a post from HackRead.com Read the original post: New Protestware Uses npm Packages to Call for Peace in Gaza and Ukraine...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/05/09 10:49 a.m.19 views

A scanning tool for open-sourced software packages? Yes, please!

The Open Source Security Foundation OpenSSF, a collective of industry leaders aimed at improving the security of open-source software OSS, recently announced the release of a prototype tool that scans for malicious packages in open source repositories. This tool, conveniently called Package...

7.6AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/04/13 7:30 p.m.11 views

[Security Nation] Kate Stewart on Open-Source Projects at the Linux Foundation

!\Security Nation\ Kate Stewart on Open-Source Projects at the Linux Foundationhttps://blog.rapid7.com/content/images/2022/04/securitynationlogo.jpg In this episode of Security Nation, Jen and Tod chat with Kate Stewart, VP of Dependable Embedded Systems at the Linux Foundation, about the...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2022/04/02 5:17 a.m.59 views

15-Year-Old Bug in PEAR PHP Repository Could've Enabled Supply Chain Attacks

A 15-year-old security vulnerability has been disclosed in the PEAR PHP repository that could permit an attacker to carry out a supply chain attack, including obtaining unauthorized access to publish rogue packages and execute arbitrary code. "An attacker exploiting the first one could take over...

7.5CVSS0.7AI score0.70595EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2022/03/28 10:17 a.m.20 views

A week in security (March 21 – 27)

Last week on Malwarebytes Labs: Anti-war open-source software developer targets Russians and Belarussians with “protestware” Elden Ring exploit traps players in infinite death loop Update now! Many HP printers affected by three critical security vulnerabilities White House urges US businesses:...

2.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/03/25 12:7 a.m.49 views

Anti-war open-source software developer targets Russians and Belarussians with “protestware”

Russia is in the midst of its fourth week of attack against Ukraine. People worldwide have been increasingly and passionately showing support for Ukrainians since day one while condemning the atrocities of Russian President Vladimir Putin, the Russian military, and Belarus, its allied country...

10CVSS0.4AI score0.04194EPSS
Exploits1
Schneier on Security
Schneier on Security
added 2022/03/21 3:22 p.m.21 views

Developer Sabotages Open-Source Software Package

This is a big deal: A developer has been caught adding malicious code to a popular open-source package that wiped files on computers located in Russia and Belarus as part of a protest that has enraged many users and raised concerns about the safety of free and open source software. The applicatio...

0.9AI score
Exploits0
Snyk
Snyk
added 2022/03/18 8:47 a.m.1 views

Undesired Behavior

Overview event-source-polyfill is an A polyfill for http://www.w3.org/TR/eventsource/ Affected versions of this package are vulnerable to Undesired Behavior. This package geo-locates users based on their IP address and if the user is Russia-based prints a political protest message in the browser ...

5.3CVSS6.7AI score
Exploits0References2
Krebs on Security
Krebs on Security
added 2022/03/17 10:33 p.m.19 views

Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware

Researchers are tracking a number of open-source "protestware" projects on GitHub that have recently altered their code to display "Stand with Ukraine" messages for users, or basic facts about the carnage in Ukraine. The group also is tracking several code packages that were recently modified to...

Exploits0
Rows per page
Query Builder