Package Repository Security

CISA and OpenSSF Release Framework for Package Repository Security

CISA and OpenSSF Release Framework for Package Repository Security Feb 12, 2024The Hacker NewsInfrastructure Security / Software Supply Chain The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it’s partnering with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group to publish a new framework to secure Read more…

Npm malware

Npm Trojan Bypasses UAC, Installs AnyDesk with “Oscompatible” Package

Npm Trojan Bypasses UAC, Installs AnyDesk with “Oscompatible” Package Jan 19, 2024NewsroomSoftware Security / Spyware A malicious package uploaded to the npm registry has been found deploying a sophisticated remote access trojan on compromised Windows machines. The package, named “oscompatible,” was published on January 9, 2024, attracting a total of Read more…