Tag: packagist
2 articles

North Korean Hackers Publish 108 Malicious Packages in PolinRider Campaign
North Korean hackers have unleashed a massive wave of malware, publishing 108 malicious packages and web browser extensions across popular platforms like npm, Packagist, Go, and Google Chrome as part of their sneaky PolinRider campaign. This ongoing operation has already produced 162 malicious release artifacts and compromised thousands of systems worldwide.

GitHub-Hosted Malware Targets PHP Packages in Coordinated Supply Chain Attack
Malicious code was injected into eight PHP packages on Packagist. The injected code used JavaScript lifecycle hooks (postinstall scripts in package.json) to trigger the download of a Linux binary from GitHub Releases. The attack was swiftly contained, with the malicious versions removed from Packagist.