Cloud Security Alliance News Clipping Site

Tag: typosquatting

  • The Register: Ongoing typosquatting campaign impersonates hundreds of popular npm packages

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/05/typosquatting_npm_campaign/ Source: The Register Title: Ongoing typosquatting campaign impersonates hundreds of popular npm packages Feedly Summary: Puppeteer or Pupeter? One of them will snoop around on your machine and steal your credentials An ongoing typosquatting campaign is targeting developers via hundreds of popular JavaScript libraries, whose weekly downloads number in the tens of…

  • Slashdot: GitHub Actions Typosquatting: a High-Impact Supply Chain Attack-in-Waiting?

    by

    system automation
    in

    Source URL: https://developers.slashdot.org/story/24/09/07/0427219/github-actions-typosquatting-a-high-impact-supply-chain-attack-in-waiting?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: GitHub Actions Typosquatting: a High-Impact Supply Chain Attack-in-Waiting? Feedly Summary: AI Summary and Description: Yes Summary: The text discusses the vulnerabilities intrinsic to the GitHub Actions ecosystem, particularly focusing on the threat of typosquatting. It highlights how this form of attack can lead to significant risks in software supply…