This Week in Malware—killing Windows Defender with an npm package

By Ax Sharma on June 17, 2022 vulnerabilities

3 minute read time

This Week in Malware, we discuss a malicious npm package that disables Windows Defender before dropping a trojan, and ongoing dependency confusion findings.

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

By Ax Sharma on May 24, 2022 vulnerabilities

5 minute read time

Popular Python package 'ctx', which is downloaded over 22,000 times weekly on the PyPI registry, has been compromised and now steals environment variables. Additionally, a forked PHP project 'phpass' also

86 Malicious npm Packages Named After Popular NodeJS Functions

By Ax Sharma on March 28, 2022 vulnerabilities

4 minute read time

Sonatype has now discovered 83 packages on the npm open source repository named after popular NodeJS & JavaScript functions that exfiltrate system information.