mastodon.ie

Cindʎ Xiao 🍉Great analysis of the malware distributed with the esling-config-prettier NPM package compromise on Friday: <a href="https://c-b.io/2025-07-20+-+Install+Linters%2C+Get+Malware+-+DevSecOps+Speedrun+Edition" rel="nofollow noopener" translate="no" target="_blank">https://c-b.io/2025-07-20+-+Install+Linters%2C+Get+Malware+-+DevSecOps+Speedrun+Edition</a>By <a href="https://bsky.app/profile/c-b.io" rel="nofollow noopener" target="_blank">c-b.io on Bluesky</a> / <a href="https://x.com/cyb3rjerry" rel="nofollow noopener" target="_blank">cyb3rjerry on Twitter</a> :D<a href="https://infosec.exchange/tags/malwareanalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#malwareanalysis</a> <a href="https://infosec.exchange/tags/reverseengineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#reverseengineering</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#npm</a> <a href="https://infosec.exchange/tags/npmsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#npmsecurity</a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/reversing" class="mention hashtag" rel="nofollow noopener" target="_blank">#reversing</a>

0x40kMan, npm and supply chain security... seriously a never-ending story. 🙄 Just caught an article about "ethers-provider2" and "ethers-providerz". Get this: these things are actually infecting packages you *already* have installed! 🤯Speaking as a pentester, let me tell ya: you absolutely *have* to run regular checks. Your `package-lock.json`, `yarn.lock`... check 'em all! Trust me, SCA tools are worth their weight in gold in these situations. And listen up, people, MFA for your npm account? That's not some optional extra, it's a straight-up *MUST*!I literally just had a client who thought, "Ah, npm's pretty safe, right?". Yeah, famous last words! 🤦‍♂️So, what're your most insane supply chain attack stories? Lay 'em on me!<a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a> <a href="https://infosec.exchange/tags/supplychain" class="mention hashtag" rel="nofollow noopener" target="_blank">#supplychain</a> <a href="https://infosec.exchange/tags/npmsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#npmsecurity</a>

flagthisMalicious npm packages stole Ethereum developer keys; 1000+ downloads affected. <a href="https://ioc.exchange/tags/EthereumSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#EthereumSecurity</a> <a href="https://ioc.exchange/tags/NpmSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#NpmSecurity</a> <a href="https://ioc.exchange/tags/SupplyChainAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChainAttack</a> More details: <a href="https://ciso2ciso.com/malicious-npm-packages-target-ethereum-developers-source-securityaffairs-com" rel="nofollow noopener" translate="no" target="_blank">https://ciso2ciso.com/malicious-npm-packages-target-ethereum-developers-source-securityaffairs-com</a> - <a href="https://www.flagthis.com/news/8465" rel="nofollow noopener" translate="no" target="_blank">https://www.flagthis.com/news/8465</a>

Recent searches

Search options

Administered by:

Server stats:

#npmsecurity