Skip to content
Linkedin-in Envelope Map-marker-alt
×
  • Italian
  • English
SecurityIT | Cyber Security Consulting
 
  • Home
  • Company
    • About Us
    • Culture and values
    • Il team
    • ISO certified company
    • Mission
  • Training
    • List of courses
  • Cyber security
    • Penetration test
    • ADVICE ISO / IEC 27001
    • Consulenza informatica in ambito privacy
    • Vulnerability assessment consulting
    • Payment card industry data security standard
    • Business continuity management e disaster recovery
    • Code security review
    • Mobile protection
    • Services of cyber threat intelligence
    • Forensic analysis and investigation
    • Social media Security
  • Integration Systems IT
    • Solutions
  • News
  • Contacts
×
  • Home
  • Company
    • About Us
    • Culture and values
    • Il team
    • ISO certified company
    • Mission
  • Training
    • List of courses
  • Cyber security
    • Penetration test
    • ADVICE ISO / IEC 27001
    • Consulenza informatica in ambito privacy
    • Vulnerability assessment consulting
    • Payment card industry data security standard
    • Business continuity management e disaster recovery
    • Code security review
    • Mobile protection
    • Services of cyber threat intelligence
    • Forensic analysis and investigation
    • Social media Security
  • Integration Systems IT
    • Solutions
  • News
  • Contacts
SecurityIT | Cyber Security Consulting
 
  • Home
  • Company
    • About Us
    • Culture and values
    • Il team
    • ISO certified company
    • Mission
  • Training
    • List of courses
  • Cyber security
    • Penetration test
    • ADVICE ISO / IEC 27001
    • Consulenza informatica in ambito privacy
    • Vulnerability assessment consulting
    • Payment card industry data security standard
    • Business continuity management e disaster recovery
    • Code security review
    • Mobile protection
    • Services of cyber threat intelligence
    • Forensic analysis and investigation
    • Social media Security
  • Integration Systems IT
    • Solutions
  • News
  • Contacts
×
  • Home
  • Company
    • About Us
    • Culture and values
    • Il team
    • ISO certified company
    • Mission
  • Training
    • List of courses
  • Cyber security
    • Penetration test
    • ADVICE ISO / IEC 27001
    • Consulenza informatica in ambito privacy
    • Vulnerability assessment consulting
    • Payment card industry data security standard
    • Business continuity management e disaster recovery
    • Code security review
    • Mobile protection
    • Services of cyber threat intelligence
    • Forensic analysis and investigation
    • Social media Security
  • Integration Systems IT
    • Solutions
  • News
  • Contacts

Category: NPM

  1. Home
  2. NPM

Bitwarden NPM Package Hit in Supply Chain Attack

Tied to a fresh Checkmarx supply chain attack claimed by TeamPCP, the incident references the Shai-Hulud worm.

The post Bitwarden NPM Package Hit in Supply Chain Attack appeared first on SecurityWeek.

Guardarian Users Targeted With Malicious Strapi NPM Packages

Hackers published 36 NPM packages posing as Strapi plugins to execute shells, escape containers, and harvest credentials.

The post Guardarian Users Targeted With Malicious Strapi NPM Packages appeared first on SecurityWeek.

Axios NPM Package Breached in North Korean Supply Chain Attack

A long-lived NPM access token was used to bypass the GitHub Actions OIDC-based CI/CD publishing workflow and push backdoored package versions.

The post Axios NPM Package Breached in North Korean Supply Chain Attack appeared first on SecurityWeek.

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.

The post From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI appeared first on SecurityWeek.

New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM

The malicious code propagates like a worm, poisons AI assistants, exfiltrates secrets, and contains a destructive dead switch.

The post New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM appeared first on SecurityWeek.

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

The protections against NPM supply chain attacks could be bypassed, leading to arbitrary code execution.

The post ‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks appeared first on SecurityWeek.

Critical Vulnerability Patched in jsPDF

The bug can allow attackers to read arbitrary files from the system, potentially exposing configurations and credentials.

The post Critical Vulnerability Patched in jsPDF appeared first on SecurityWeek.

NPM Package With 56,000 Downloads Steals WhatsApp Credentials, Data

The package provides legitimate functionality to evade detection, while stealing users’ data and deploying a backdoor.

The post NPM Package With 56,000 Downloads Steals WhatsApp Credentials, Data appeared first on SecurityWeek.

640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack

The new self-replicating worm iteration has destructive capabilities, erasing home directory contents if it cannot spread to more repositories.

The post 640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack appeared first on SecurityWeek.

Amazon Detects 150,000 NPM Packages in Worm-Powered Campaign 

A financially motivated threat actor automated the package publishing process in a coordinated tea.xyz token farming campaign.

The post Amazon Detects 150,000 NPM Packages in Worm-Powered Campaign  appeared first on SecurityWeek.

  • 1
  • 2
  • 3
  • Next
SecurityIT | Cyber Security Consulting
Linkedin-in Envelope Map-marker-alt

The group

  • Company
  • ISO certified company
  • About Us
  • Team
  • Culture and values
  • Mission
×
  • Company
  • ISO certified company
  • About Us
  • Team
  • Culture and values
  • Mission

Services

  • Computer consulting services
  • Social media Security
  • Forensic analysis and investigation
  • Services of cyber threat intelligence
  • Mobile protection
  • Code security review
  • Business continuity management e disaster recovery
  • Payment card industry data security standard
  • Vulnerability assessment consulting
  • Consulenza informatica in ambito privacy
  • ADVICE ISO / IEC 27001
  • Penetration test
×
  • Computer consulting services
  • Social media Security
  • Forensic analysis and investigation
  • Services of cyber threat intelligence
  • Mobile protection
  • Code security review
  • Business continuity management e disaster recovery
  • Payment card industry data security standard
  • Vulnerability assessment consulting
  • Consulenza informatica in ambito privacy
  • ADVICE ISO / IEC 27001
  • Penetration test

© show.it | All Rights Reserved | VAT 06984320017 | Privacy Policy | Cookie Policy | Made by incio.it

My Agile Privacy®
✕

This site uses technical and profiling cookies. 

You can accept, reject, or customize the cookies by clicking the desired buttons. 

By closing this notice, you will continue without accepting. 

AcceptRefuseCustomize
Consent

Privacy Settings

This website uses cookies to improve your experience while you navigate through the website.

Google AnalyticsAlways Enabled

Google Analytics è un servizio di analisi web fornito da Google Ireland Limited (“Google”). Google utilizza i dati personali raccolti per tracciare ed esaminare l’uso di questo sito web, compilare report sulle sue attività e condividerli con gli altri servizi sviluppati da Google. Google può utilizzare i tuoi dati personali per contestualizzare e personalizzare gli annunci del proprio network pubblicitario. Questa integrazione di Google Analytics rende anonimo il tuo indirizzo IP. I dati inviati vengono collezionati per gli scopi di personalizzazione dell'esperienza e il tracciamento statistico. Trovi maggiori informazioni alla pagina "Ulteriori informazioni sulla modalità di trattamento delle informazioni personali da parte di Google".

Luogo del trattamento: Irlanda - Privacy Policy

Additional consents:

Ad Storage
Ad Storage
Defines whether cookies related to advertising can be read or written by Google.
Ad User Data
Ad User Data
Determines whether user data can be sent to Google for advertising purposes.
Ad Personalization
Ad Personalization
Controls whether personalized advertising (for example, remarketing) can be enabled.
Analytics Storage
Analytics Storage
Defines whether cookies associated with Google Analytics can be read or written.
Cloudflare Web Analytics
Cloudflare Web Analytics

Cloudflare Web Analytics è un servizio di statistica anonimizzata fornito da Cloudflare Inc. che permette al Titolare di ottenere informazioni sull’utilizzo di questo sito web.

Privacy Policy

Google Maps widget
Google Maps widget

Google Maps è un servizio di visualizzazione di mappe gestito da Google Ireland Limited. Questo servizio serve ad integrare tali contenuti all’interno delle proprie pagine.

Luogo del trattamento: Irlanda - Privacy Policy

Google reCAPTCHA
Google reCAPTCHA

Google reCAPTCHA è un servizio di protezione dallo SPAM fornito da Google Ireland Limited.

L'utilizzo del sistema reCAPTCHA è soggetto alla privacy policy  secondo termini di utilizzo di Google.

Luogo del trattamento: Irlanda - Privacy Policy

Gravatar
Gravatar

Gravatar è un servizio di visualizzazione di immagini gestito da Automattic Inc. che permette a Automattic Inc. di integrare tali contenuti all’interno delle proprie pagine.

Luogo del trattamento: Stati Uniti - Privacy Policy

GDPR Cookie Banner by My Agile Privacy®