Just like Hollywood has its own celebrities and well-known actors, the world of malicious open-source packages also has its own notorious players. And just like Hollywood stars, these threat actors don’t always stay in the spotlight. They can take breaks
Checkmarx SCS team recently detected several malicious NPM packages using a new evasion technique, enhancing dependency confusion attacks to help malicious packages avoid detection. This novel technique tries to avoid being detected by security scanners or AppSec platforms, which sometimes
Intro A few weeks ago, we wrote about a new threat actor we called RED-LILI and described their capabilities, including an in-depth walkthrough of the automated system for publishing malicious NPM packages from automatically created user accounts.After our publication, we
©2023 Checkmarx Ltd. All Rights Reserved. iISO/IEC 27001:2013 Certified
