Researchers at ReversingLabs said they discovered two npm open source packages that contained malicious code linked to open source malware known as TurkoRat.
NPM
Episode 248: GitHub’s Jill Moné-Corallo on Product Security And Supply Chain Threats
In this episode of the Security Ledger Podcast, Paul speaks with Jill Moné-Corallo, the Director of Product Security Engineering Response at GitHub. Jill talks about her journey from a college stint working at Apple’s Genius bar, to the information security space – first at product security at Apple and now at GitHub, a massive development platform that is increasingly in the crosshairs of sophisticated cyber criminals and nation-state actors.
Critical Flaw Found In Widely Used Netmask Open Source Module
An IP address parsing flaw in the netmask NPM module affects hundreds of thousands of applications that rely on it. But that may be just the tip of the iceberg, researchers warn.
Exploitable Flaw in NPM Private IP App Lurks Everywhere, Anywhere
A serious security flaw in a commonly used npm security module, private-ip, may affect hundreds of thousands of private and public applications.