Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries

Found 1 day ago ago at The Register

A single npm user on Thursday published 14 malicious packages within a four hour window, all mimicking popular OpenSearch, Elasticsearch, DevOps, and environment configuration libraries, according to Microsoft. Its the latest in a seemingly never ending string of supply chain attacks targeting developer tools , and stealing cloud credentials and CI CD pipeline secrets in its wake. Using a newly created maintainer alias, vpmdhaj a39155771@gmail[.]com, the threat actor published 14 packages...

Read the full article at The Register

More Developer News

Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries

Found 1 day ago at The Register

ChatGPT blindly trusts browser content, turning the page into a payload

Found 2 days ago at The Register

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

Found 2 days ago at Arstechnica

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard

Found 2 days ago at All About Microsoft

Zig creator seeks 'uncompromising perfection' before blessing 1.0

Found 3 days ago at The Register