-
Ubuntu 'command-not-found' tool can be abused to spread malware
A logic flaw between Ubuntu's 'command-not-found' package suggestion system and the snap package repository could enable attackers to promote malicious Linux packages to unsuspecting users.
- February 14, 2024
- 11:00 AM
0
-
Malicious Solana, Kucoin packages infect NuGet devs with SeroXen RAT
Malicious NuGet packages appearing to have over 2 million downloads impersonate crypto wallets, crypto exchange, and Discord libraries to infect developers with the SeroXen remote access trojan.
- October 12, 2023
- 01:40 PM
0
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
SSH keys stolen by stream of malicious PyPI and npm packages
A stream of malicious npm and PyPi packages have been found stealing a wide range of sensitive data from software developers on the platforms.
- September 27, 2023
- 05:48 PM
- 1
-
Fake VMware vConnector package on PyPI targets IT pros
A malicious package that mimics the VMware vSphere connector module 'vConnector' was uploaded on the Python Package Index (PyPI) under the name 'VMConnect,' targeting IT professionals.
- August 04, 2023
- 07:37 AM
- 0
-
New Python tool checks NPM packages for manifest confusion issues
A security researcher and system administrator has developed a tool that can help users check for manifest mismatches in packages from the NPM JavaScript software registry.
- July 04, 2023
- 07:01 AM
- 0
-
NPM ecosystem at risk from “Manifest Confusion” attacks
The NPM (Node Package Manager) registry suffers from a security lapse called "manifest confusion," which undermines the trustworthiness of packages and makes it possible for attackers to hide malware in dependencies or perform malicious script execution during installation.
- June 28, 2023
- 10:28 AM
- 0
-
Microsoft WinGet package manager failing from expired SSL certificate
Microsoft's WinGet package manager is currently having problems installing or upgrading packages after WinGet CDN's SSL/TLS certificate expired.
- February 11, 2023
- 11:37 PM
- 1
-
Microsoft WinGet package manager failing due to CDN issues
Microsoft's WinGet package manager is currently having problems installing or upgrading packages due to the Azure Content Delivery Network (CDN) returning a 0-byte database file.
- November 07, 2022
- 02:12 PM
- 0
-
New npm timing attack could lead to supply chain attacks
Security researchers have discovered an npm timing attack that reveals the names of private packages so threat actors can release malicious clones publicly to trick developers into using them instead.
- October 12, 2022
- 11:16 AM
- 0
-
Windows 10's package manager flooded with duplicate, malformed apps
Microsoft's Windows 10 package manager Winget's GitHub has been flooded with duplicate apps and malformed manifest files raising concerns among developers with regards to the integrity of apps.
- June 01, 2021
- 11:15 AM
- 4
-
Microsoft releases first Windows 10 package manager stable version
Microsoft has released the first stable version of the native Winget Windows 10 package manager that helps you manage applications directly from the command line.
- May 26, 2021
- 03:10 PM
- 3
-
Windows 10 package manager can now remove any app from the command line
The Windows 10 package manager is getting some new and exciting features that allow you to manage any installed applications directly from the command line.
- April 25, 2021
- 01:02 PM
- 1
-
Malicious NPM packages target Amazon, Slack with new dependency attacks
Threat actors are targeting Amazon, Zillow, Lyft, and Slack NodeJS apps using the new 'Dependency Confusion' vulnerability to steal Linux/Unix password files and open reverse shells back to the attackers.
- March 02, 2021
- 12:14 AM
- 0
-
Managing Windows 10 apps with the Chocolatey package manager
Chocolatey is designed for both consumers (general users) and businesses, thanks to the easy to understand user interface and a suite of powerful features for existing programs deployment infrastructure.
- November 07, 2020
- 12:30 PM
- 0
-
Windows 10 Package Manager can now install Microsoft Store apps
Microsoft released a new version of the Windows 10 WinGet Package Manager that adds experimental features, including the ability to install applications from the Microsoft Store and a command auto-completion feature.
- September 23, 2020
- 09:29 AM
- 1
-
Windows 10's Winget Package Manager gets third-party front ends
Windows 10's Winget package manager is an excellent tool for installing popular applications, but it only works from the command line. To make it easier to find apps and install them, third-party developers have released front-ends for Windows 10's new package manager.
- May 30, 2020
- 02:54 PM
- 4
-
Winget: How to use Windows 10's new native Package Manager
Microsoft has finally revealed a long requested feature; a Windows package manager called winget that allows you to easily install applications from the command line.
- May 23, 2020
- 10:40 AM
- 1
