“Delivery“ Malicious NPM Packages Target Amazon and Slack with Dependency Attacks

Malicious NPM Packages

Threat actors are targeting companies to include Zillo, Amazon and Slack’s NodeJS applications by using a new vulnerability known as “Dependency Confusion”. By utilising this vulnerability, attacks can steal Unix based system password files and open reverse shells back to an attacker. The attacker creates packages utilising the same names as a company’s internal component […]

Risk Crew