New Video: How SolarWinds Uses Spectra Assure for Next-Gen SSCS
Watch Now
Don't Get Haunted by Software Supply Chain Risks - Check Out Our October Webinar Series
Register Now
Now Available! Software Supply Chain Security for Dummies
Get the Guide
July 22, 2021

The Register: NPM is Now Providing Malware - or was until recently

NPM is Now Providing Malware – or was until recently

Password-stealing package outed by security firm evokes sense of déjà vu

Read more: https://www.theregister.com/2021/07/21/npm_malware_password/

Read ReversingLabs Research here: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords

MORE NEWS

SC Media: Why SBOMs are not enough to manage modern software risks
News | September 26, 2024
SC Media: Why SBOMs are not enough to manage modern software risks
Saša Zdjelar of ReversingLabs, explains why SBOM are a good first start, but aren’t enough to deliver secure software.
Read More
IT Brew: Suspected North Korean group appears to still be hoaxing devs into downloading malware
News | September 26, 2024
IT Brew: Suspected North Korean group appears to still be hoaxing devs into downloading malware
According to ReversingLabs, the hackers behind the effort are luring developers with fake job offers and instructing them to download PyPI packages with obfuscated malware from GitHub repositories as part of coding tests.
Read More
CISO Series: Cybersecurity News: Lazarus spoofs CapitalOne, Mastercard buys RecordedFuture, WordPress imposes 2FA
News | September 13, 2024
CISO Series: Cybersecurity News: Lazarus spoofs CapitalOne, Mastercard buys RecordedFuture, WordPress imposes 2FA
New research from Reversing Labs shows that the Lazarus Group is continuing its campaign of tempting targeting developers with malicious software packages on open-source repositories by posing as employees of the financial services firm Capital One.
Read More