Threat Post

Dev Sabotages Popular NPM Package to Protest Russian Invasion

In the latest software supply-chain attack, the code maintainer added malicious code to the hugely popular node-ipc library to replace files with a heart emoji and a peacenotwar module. The developer ...
InfoWorld

Java proposal would streamline module package imports

Allowing entire modules to be imported all at once would eliminate tedious typing and simplify the reuse of modular libraries in Java. Java would be enhanced with the ability to succinctly import all ...
Ars Technica

Go Module Mirror served backdoor to devs for 3+ years

A mirror proxy Google runs on behalf of developers of the Go programming language pushed a backdoored package for more than three years until Monday, after researchers who spotted the malicious code ...
Computing

PyPI package 'ctx' and PHP library 'phpass' hijacked to obtain AWS keys

Security researchers this week identified two corrupt Python and PHP packages in what appears to be yet another instance of a software supply chain attack targeting the open-source ecosystem. Python ...
TWCN Tech News

PowerShell Module Browser site lets you search for cmdlets & packages

The Redmond-based Microsoft Corporation has successfully turned on the PowerShell Module Browser site. Earlier this month, the Microsoft Docs team announced that the PowerShell Module Browser, a web ...