Security News > 2024 > October > Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems

2024-10-14 11:08
Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks. "Attackers can leverage these entry points to execute malicious code when specific commands are run, posing a widespread risk in the open-source landscape," Checkmarx researchers Yehuda
News URL
https://thehackernews.com/2024/10/supply-chain-attacks-exploit-entry.html
Related news
- North Korea targets crypto developers via NPM supply chain attack (source)
- Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look 'insignificant' (source)
- AsyncRAT Campaign Uses Python Payloads and TryCloudflare Tunnels for Stealth Attacks (source)
- Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks (source)
- SonicWall firewall bug leveraged in attacks after PoC exploit release (source)
- New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution (source)
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
- Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers (source)
- Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)