Articles by Jossef Harush
October 31, 2024
With 2FA Enabled: NPM Package lottie-player Taken Over by Attackers
January 2, 2024
When “Everything” Goes Wrong: NPM Dependency-Hell Campaign – 2024 Edition
November 27, 2023
The Hidden Supply Chain Risks in Open-Source AI Models
August 9, 2023
Popular NuGet Package “Moq” Silently Exfiltrates User Data to Cloud Service
March 2, 2023
CocoaPods Subdomain Hijacked: This is How
December 14, 2022
How 140k NuGet, NPM, and PyPi Packages Were Used to Spread Phishing Links
October 7, 2022
LofyGang – Software Supply Chain Attackers; Organized, Persistent, and Operating for Over a Year
August 14, 2022
Typosquatting Campaign Targeting Python’s Top Packages, Dropping GitHub Hosted Malware with DGA Capabilities
August 3, 2022
Large Scale Campaign Created Fake GitHub Projects Clones with Fake Commit Added Malware