Malicious NPM Package Exploits React Native Documentation Example
(checkmarx.com)
from Joker@sh.itjust.works to cybersecurity@infosec.pub on 28 Nov 17:07
https://sh.itjust.works/post/28747269
from Joker@sh.itjust.works to cybersecurity@infosec.pub on 28 Nov 17:07
https://sh.itjust.works/post/28747269
A recent discovery revealed how official documentation can become an unexpected attack vector for supply chain attacks. It happened when an npm package called “rtn-centered-text” exploited an example from React Native’s Fabric Native Components guide in an attempt to trick developers into downloading their package, putting systems at risk.
threaded - newest