Attackers cause Discord discord with malicious npm packages

The malware is hidden in four malicious npm modules: small-sm, pern-valids, lifeculer, and proc-title. These were dressed up to appear to be useful, innocent libraries that developers then pull into their applications and execute.

Software supply chains have long been targets of attackers, particularly those targeting frameworks like shopping carts or development tooling, according to Tim Mackey, principal security strategist at Synopsis' Cybersecurity Research Center. The detection of LofyLife comes as GitHub makes a few changes to npm. That includes a streamlined login and publish experience in the npm CLI and the ability to connect GitHub and Twitter accounts to npm. In addition, all npm packages were re-signed, and GitHub added a new npm CLI command for auditing the integrity of the package.

United Kingdom Latest News, United Kingdom Headlines

Similar News:You can also read news stories similar to this one that we have collected from other news sources.

Woman sexually assaulted in Paisley town centre on Sunday morningThe 41-year-old victim was left shaken as a result and is currently being provided support by specialist officers.
Source: Glasgow_Times - 🏆 76. / 59 Read more »

Warning after bonfire embers spark countryside blazeFirefighters have urged people not to have open fires at the moment due to the dry conditions.
Source: ShropshireStar - 🏆 98. / 51 Read more »

All Of Emma Watson’s Most Surprising Red-Carpet MomentsThe looks that caused the biggest stir. She has never worn anything stirring. Be serious.
Source: BritishVogue - 🏆 14. / 80 Read more »

Google: London cloud outage limited impact of incidentCan't say what caused cooling failure, admits to re-routing traffic away from working resources
Source: TheRegister - 🏆 67. / 61 Read more »

Biker injured in crash on B1190 Doddigton road in LincolnThis has caused traffic delays this morning Lincoln
Source: thelincolnite - 🏆 121. / 51 Read more »