Hackers Hijack jQuery: 68 Malicious Packages Uncovered in Latest Supply Chain Attack
Hackers are targeting software developers with a complex supply chain attack. Phylum discovered dozens of malicious libraries impersonating jQuery on npm, GitHub, and jsDelivr, cleverly hiding malware in seldom-used functions.
Hot Take:
Look out, developers! It seems like hackers have decided to play a game of hide-and-seek in your jQuery libraries. If only they could use their skills for good, like making a reliable coffee-fetching bot for those late-night coding sessions.
Key Points:
- Hackers are targeting software developers through a complex supply chain attack.
- Unidentified hackers distributed dozens of malicious libraries on npm, GitHub, and jsDelivr.
- The libraries impersonate jQuery and hide malware in the seldom-used ‘end’ function.
- 68 malicious packages identified so far, suggesting a manual rather than automated approach.
- PyPI and GitHub have previously been forced to take preventive measures against similar attacks.
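
A defender-side check for the tampering described in the key points, as an added example (not code from Phylum or this article): it extracts every `end` method from a copy of jQuery and compares the body with the upstream implementation. The sample inputs and the name `hypotheticalExtraCall` are constructed for illustration.

```javascript
// Known-good bodies of jQuery.fn.end with whitespace removed
// (upstream jQuery 3.x, and 1.x/2.x which passes null).
const KNOWN_GOOD_END = new Set([
  "returnthis.prevObject||this.constructor();",
  "returnthis.prevObject||this.constructor(null);",
]);

// Text between the "{" at index `open` and its matching "}".
// Simplification: braces inside string or regex literals are not special-cased.
function braceBody(src, open) {
  let depth = 0;
  for (let i = open; i < src.length; i++) {
    if (src[i] === "{") depth++;
    else if (src[i] === "}" && --depth === 0) return src.slice(open + 1, i);
  }
  return null; // unbalanced braces
}

// Locate every `end: function (...) {` definition and classify its body.
function auditEnd(src) {
  const findings = [];
  const re = /\bend\s*:\s*function\s*\([^)]*\)\s*\{/g;
  let m;
  while ((m = re.exec(src)) !== null) {
    const body = braceBody(src, re.lastIndex - 1);
    let norm = (body === null ? "" : body).replace(/\s+/g, "");
    if (!norm.endsWith(";")) norm += ";"; // minifiers drop the last semicolon
    const status = body === null ? "unparsed"
      : KNOWN_GOOD_END.has(norm) ? "ok" : "modified";
    findings.push({ offset: m.index, status, body: body && body.trim() });
  }
  return findings;
}

// Constructed inputs: an upstream-style definition, its minified form, and a
// copy with one extra statement (hypotheticalExtraCall is a made-up name).
const CLEAN = "jQuery.fn = { end: function() {\n\treturn this.prevObject || this.constructor();\n}, eq: function( i ) { return i; } };";
const MINIFIED = "S.fn={end:function(){return this.prevObject||this.constructor()},eq:function(e){return e}};";
const TAMPERED = "jQuery.fn = { end: function() { hypotheticalExtraCall(this); return this.prevObject || this.constructor(); } };";

for (const [name, src] of Object.entries({ CLEAN, MINIFIED, TAMPERED })) {
  console.log(name, auditEnd(src).map((f) => f.status));
}
```

A `modified` result means the body differs from upstream and needs manual review; it does not by itself prove the copy is malicious.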