Aviad Gershon


Recently Discovered Supply-chain Worm

Malicious Python Packages with Self-spreading Capabilities Caught Stealing Browser Credentials, Discord Tokens, and System Information. The malicious package is able to steal the user’s password from their Chrome browser, along with Discord tokens and system information, and exfiltrate this data


Attackers Write Bugs as Well!

A new attempt to compromise a popular NPM package occurred in the past few hours. The popular COA (Command-Option-Argument) package is a parser for command line options with around 9 million weekly downloads, and a long list of dependent


UAParser.js – Attack & Preparations

A few days ago, CISA published an alert regarding malicious code discovered in an NPM package with close to 8 million weekly downloads, "ua-parser-js". A few days before, security researchers from Sonatype published a blog post reporting 3 malicious NPM packages. A few connecting lines between these two incidents seem to suggest they are related. Looking
