Open Source Poisoned Patches Infect Local Software
Malicious packages lurking on open source repositories like npm have become less effective, so cyberattackers are using a new strategy: offering "patches" for locally installed programs.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Malicious packages lurking on open source repositories like npm have become less effective, so cyberattackers are using a new strategy: offering "patches" for locally installed programs.
Security engineer outlines self-help strategy for keeping software supply chain safe Following the recent disclosure of a technique for hijacking certain NPM packages, security engineer Danish Tariq has proposed a defensive strategy for those looking to assess whether their web apps include dependencies tied to subvertable email domains.…