Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

IconBurst: NPM software supply chain attack grabs data from apps, websites
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

IconBurst: NPM software supply chain attack grabs data from apps, websites

DPDP Administrator, The Domain Guy
edited July 2022 in News

DP's CPN (Copy & Paste News) ✌️

ReversingLabs researchers have uncovered a widespread campaign to install malicious NPM modules that are harvesting sensitive data from forms embedded in mobile applications and websites.

Reference: https://blog.reversinglabs.com/blog/iconburst-npm-software-supply-chain-attack-grabs-data-from-apps-websites

End of DP's CPN (Copy & Paste News) ✌️
Thanked by 2tjn bulbasaur

Comments

  • bulbasaurbulbasaur Member
    edited July 2022

    Tinyweasel would be proud.

    Maybe people need to write integration tests that load their webpages and verify that the requested domains match the expected ones.

    Thanked by 1gzz
Sign In or Register to comment.