Npm Attackers Sneak a Backdoor into Node.js Deployments through Dependencies

8 May 2018

Maintainers of the npm registry for JavaScript code have recently identified what appeared to be a software supply-chain attack that took advantage of the nested dependency model of Node.js modules. After being notified by members of the development community, the npm security team recently began investigating three suspicious packages and one of them turned out to include a backdoor or a secret entranceway unbeknownst by users.

Read full news article on The New Stack

Date:

8 May 2018

Categorie(s):

NEWS

Tag(s):

Backdoors, Dependencies, Deployment, Development, Global, Integration, Nodes, Npm, Top Stories

Google launches 1B passkey authentications and new security updates2 May 2024
Three-Quarters of CISOs Admit App Security Incidents2 May 2024
New SOHO router malware aims for cloud accounts, internal company resources2 May 2024
Security Breach Exposes Dropbox Sign Users2 May 2024
Six common developer security fails that lead to cloud risks2 May 2024