Tag: packagist

2 articles

North Korean Hackers Publish 108 Malicious Packages in PolinRider Campaign

North Korean hackers have unleashed a massive wave of malware, publishing 108 malicious packages and web browser extensions across popular platforms like npm, Packagist, Go, and Google Chrome as part of their sneaky PolinRider campaign. This ongoing operation has already produced 162 malicious release artifacts and compromised thousands of systems worldwide.

Analyst 207

GitHub-Hosted Malware Targets PHP Packages in Coordinated Supply Chain Attack

Malicious code was injected into eight PHP packages on Packagist, triggering a Linux binary download from GitHub Releases via JavaScript lifecycle hooks in package.json postinstall scripts. The attack was swiftly contained, with the malicious versions removed from Packagist.

Analyst 207