Cybersecurity

5 readers

14 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Rules

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

founded 2 years ago

MODERATORS

shellsharks@fedia.io

tweedge@fedia.io

Supply chain attack hits #npm package with 45,000 weekly downloads (mastodon.thenewoil.org)

submitted 3 weeks ago by thenewoil@mastodon.thenewoil.org to c/cybersecurity@fedia.io

1 comments fedilink hide all child comments

Supply chain attack hits #npm package with 45,000 weekly downloads

https://www.bleepingcomputer.com/news/security/supply-chain-attack-hits-npm-package-with-45-000-weekly-downloads/

#cybersecurity #RandUserAgent

top 1 comments

sorted by: hot top controversial new old

[–] leds 1 points 3 weeks ago

Saved you a click (bait)

An npm package named 'rand-user-agent' has been compromised in a supply chain attack to inject obfuscated code that activates a remote access trojan (RAT) on the user's system.

The 'rand-user-agent' package is a tool that generates randomized user-agent strings, which is helpful in web scraping, automated testing, and security research.