The security team at npm (Node Package Manager), the de-facto package manager for the JavaScript ecosystem, has taken down today a malicious package that was caught stealing sensitive information from UNIX systems. The malicious package is named 1337qq-js and was uploaded on the npm repository on December 30, 2019. The package was downloaded at least 32 times, before it was spotted and today by Mi
"We are always working on improving our policies and expand on our commitments to the community," Ahmad Nassri, npm, Inc. CTO told ZDNet in an email this week. "To that end, we're making updates to our policies to be more explicit about the type of commercial content we do deem not acceptable." According to these upcoming updates, npm will ban: Packages that display ads at runtime, on installation
MEGA.nz Chrome extension caught stealing passwords, cryptocurrency private keys Tainted extension caught stealing passwords for Google, Microsoft, GitHub and Amazon accounts, but also Monero and Ethereum private keys. The official Chrome extension for the MEGA.nz file sharing service has been compromised with malicious code that steals usernames and passwords, but also private keys for cryptocurre
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
処理を実行中です
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く