Tech

Sabotage: Code added to popular NPM package wiped files in Russia and Belarus

Enlarge (credit: Getty Images) The developer of a popular open source package has been caught adding malicious code to that package, which wiped files from computers located in Russian federation and Belarus, in a protest that has enraged many users and raised concerns about the safety of free and open source software. The application, node. […]

Tech

NPM package with 3 million weekly downloads had a severe vulnerability

Enlarge (credit: Getty Images) Popular NPM package “pac-resolver” has fixed a severe remote code execution (RCE) flaw. The pac-resolver package receives over 3 million weekly downloads, extending this vulnerability to Node.js applications relying on the open source dependency. Pac-resolver touts itself as a module that accepts JavaScript proxy configuration files and generates a function for […]

Tech

Ahoy, there’s malice in your repos—PyPI is the latest to be abused

Enlarge (credit: Getty Images) Counterfeit packages downloaded roughly 5,000 times from the official Python repository contained secret code that installed cryptomining software on infected machines, a security researcher has found. The malicious packages, which were available on the PyPI repository, in many cases used names that mimicked those of legitimate and often widely used packages […]