TechSecInfo

The tech + cyber briefing: what happened, why it matters, and where it came from.

Cyber Security

Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks

By rooter

Cybersecurity researchers have discovered a malicious package in the Python Package Index (PyPI) repository that introduces malicious behavior through a dependency that allows it to establish persistence and achieve code execution.
The package, named termncolor, realizes its nefarious functionality through a dependency package called colorinal by means of a multi-stage malware operation, Zscaler

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

By rooter

Related Post

Cyber Security

New RFP Template for AI Usage Control and AI Governance 

rooter
Cyber Security

Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux

rooter
Cyber Security

APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2

rooter

Leave a Reply

You Missed

News

Seth MacFarlane Still Hopes ‘The Orville’ Might Return

News

From phishing to Google Drive C2: Silver Dragon expands APT41 playbook

News

5 practical cybersecurity steps for small financial services businesses

News

6 Horrifying Fictional Diseases and Their Real-Life Inspirations