<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1076912843267184&amp;ev=PageView&amp;noscript=1">
The Buyer’s Guide to Software Supply Chain Security
Download Now!
Breaking Down NIST CSF 2.0 with NIST | Earn CPEs
Register Now
Gartner® Report: Mitigate Enterprise Software Supply Chain Risks
Get the Insights
July 18, 2019

Malicious libraries in package repositories reveal a fundamental security flaw

The proliferation of malicious packages in repositories for software developers that rely on typosquatting points to a problem: A reliance on flat namespaces

Tech Republic

Read more: https://www.techrepublic.com/article/malicious-libraries-in-package-repositories-reveal-a-fundamental-security-flaw/

If you want to take a deeper look at our research, check our blog: https://blog.reversinglabs.com/blog/suppy-chain-malware-detecting-malware-in-package-manager-repositories

MORE NEWS

Cybersecurity Insiders: Supply chain attacks demand a 3rd party risk re-think
News | August 14, 2023
Cybersecurity Insiders: Supply chain attacks demand a 3rd party risk re-think
Looked at from one angle, the recent attack on JumpCloud, a cloud-based identity and access management provider, was unsurprising.
Read More
Hack Read: VMCONNECT: Malicious PyPI Package Mimicking Common Python Tools
News | August 06, 2023
Hack Read: VMCONNECT: Malicious PyPI Package Mimicking Common Python Tools
Threat researchers at ReversingLabs, a software supply chain security and malware analysis platform, have discovered a malicious new PyPI package dubbed VMConnect on the Python Package Index (PyPI) repository.
Read More
The Hacker News: Malicious npm Packages Found Exfiltrating Sensitive Data from Developers
News | August 04, 2023
The Hacker News: Malicious npm Packages Found Exfiltrating Sensitive Data from Developers
Cybersecurity researchers have discovered a new bunch of malicious packages on the npm package registry that are designed to exfiltrate sensitive developer information.
Read More