#InfoSec #SupplyChain
> The Open Source Security Foundation (#OpenSSF) has announced the initial prototype release of a new #tool that's capable of carrying out dynamic #analysis of all packages uploaded to popular #OpenSource repositories.
> In a test run that lasted a month, the tool identified more than 200 malicious packages uploaded to #PyPI and #NPM, with a majority of the rogue libraries leveraging #DependencyConfusion and #TypoSquatting attacks.
https://thehackernews.com/2022/05/heres-new-tool-that-scans-for-malicious.html
"In this post, I demonstrate that critical parts of the #Haskell package management system are vulnerable to the #DependencyConfusion supply chain attack." #security #cabal #hackage
https://frasertweedale.github.io/blog-fp/posts/2021-02-12-haskell-dependency-confusion.html