Malicious NuGet Package Targets Stripe Developers
Malicious NuGet package mimicking Stripe's library targeted developers
Library security covers flaws in shared code components, dependency risks, and patching practices that can expose applications and their users.
Search across headline titles and summaries.
Background for this topic.
A library is a packaged collection of reusable code that an application incorporates rather than implementing itself. Libraries may be maintained internally, obtained from public repositories, or included indirectly through other dependencies. Their security properties therefore become part of the application’s attack surface, often without developers reviewing every function.
Security concerns include vulnerabilities in library code, unsafe defaults, malicious or tampered packages, and abandoned versions that no longer receive fixes. A vulnerable dependency may be exploitable only under specific conditions, so risk assessment should consider the affected code path and exposure rather than version numbers alone. Useful controls include pinning and reviewing dependency versions, verifying package provenance and integrity, tracking direct and transitive dependencies in an inventory such as an SBOM, scanning for known vulnerabilities, and testing updates before deployment. When a flaw is disclosed, maintainers need a process to identify affected applications, apply a compatible update or mitigation, and remove unsupported libraries.
Weekly headline count for the current query.
Malicious NuGet package mimicking Stripe's library targeted developers
A malicious npm package “nodejs-smtp” has been discovered impersonating nodemailer and injecting code to drain crypto wallets
The ICO has decided not to fine the British Library for a 2023 ransomware breach
The compromised ultralytics AI library delivered XMRig miner via GitHub Actions exploit
A supply chain attack on the Solana library utilizing malicious npm versions has exposed private keys, putting crypto funds at risk
One of these flaws detected using LLMs was in the widely used OpenSSL library
The non-profit digital library was also hit by at least two DDoS attacks in two days
Cisco Talos researchers found a flaw in eight Microsoft apps for macOS that could enable library injection attacks, putting sensitive data at risk
The attack exploits the polyfill.io domain, which was recently acquired by Funnull, a China-based entity
A flaw in the Rust standard library exposes Windows systems to command injection attacks
A backdoor in XZ Utils, a widely used file-compressing software in Linux systems, could have led to a critical supply chain attack had a Microsoft researcher not spotted it in time
A British Library report found the most likely source of the incident was the compromise of third-party account credentials and no MFA was in place to stop the attackers
The main British Library catalogue will be back online on Monday, January 15, as the institution continues its technical rebuild following the ransomware attack last year
New research from Check Point explores the significance of code manipulation in malware analysis
Reports suggest employee data is up for sale
Famed institution warns of ongoing disruption
Institution has contacted National Cyber Security Centre for support
Kaspersky found suspicious files in December 2022 which activated the komar65 library known as BUGHATCH
McAfee said the library registers device information and drains battery life and mobile data
The malicious software library can collect installed app lists, Wi-Fi and Bluetooth data, and more