Supply chain attack compromises LottieFiles npm package with crypto drainer

1 November 2024

Such an intrusion has prompted automated delivery of the malicious lottie-player NPM package versions among users who obtained the library through third-party content delivery networks, according to LottieFiles. “Versions 2.0.5, 2.0.6, 2.0.7 were published directly to https://npmjs.com over the course of an hour using a compromised access token from a developer with the required privileges,”

Source: SC Magazine

Date:

1 November 2024

Categorie(s):

NEWS

Tag(s):

Government Regulations, IT, News, Supply

Harnessing the Power of Data and AI – Sivan Tehila – FS #15 November 2024
A Kansas pig butchering: CEO who defrauded bank, church, friends gets 24 years5 November 2024
Canada Arrests Suspected Hacker Linked to Snowflake Data Breaches5 November 2024
Amazon Inspector suppression rules best practices for AWS Organizations5 November 2024
Building Cybersecurity Resilience: Strategies, Technologies, and Best Practices from Industry Leaders5 November 2024