mastodon.ie is one of the many independent Mastodon servers you can use to participate in the fediverse.
#npmsecurity

0x40k<p>Man, npm and supply chain security... seriously a never-ending story. 🙄 Just caught an article about "ethers-provider2" and "ethers-providerz". Get this: these things are actually infecting packages you *already* have installed! 🤯</p><p>Speaking as a pentester, let me tell ya: you absolutely *have* to run regular checks. Your `package-lock.json`, `yarn.lock`... check 'em all! Trust me, SCA tools are worth their weight in gold in these situations. And listen up, people, MFA for your npm account? That's not some optional extra, it's a straight-up *MUST*!</p><p>I literally just had a client who thought, "Ah, npm's pretty safe, right?". Yeah, famous last words! 🤦‍♂️</p><p>So, what're your most insane supply chain attack stories? Lay 'em on me!</p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/supplychain" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>supplychain</span></a> <a href="https://infosec.exchange/tags/npmsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npmsecurity</span></a></p>
flagthis<p>Malicious npm packages stole Ethereum developer keys; 1000+ downloads affected. <a href="https://ioc.exchange/tags/EthereumSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EthereumSecurity</span></a> <a href="https://ioc.exchange/tags/NpmSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NpmSecurity</span></a> <a href="https://ioc.exchange/tags/SupplyChainAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SupplyChainAttack</span></a> <br> <br>More details: <a href="https://ciso2ciso.com/malicious-npm-packages-target-ethereum-developers-source-securityaffairs-com" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/malicious-npm-pa</span><span class="invisible">ckages-target-ethereum-developers-source-securityaffairs-com</span></a> - <a href="https://www.flagthis.com/news/8465" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">flagthis.com/news/8465</span><span class="invisible"></span></a></p>