Trojanized jQuery Strikes Again: A Comedy of Errors in Supply Chain Security
Trojanized jQuery versions are spreading on npm, GitHub, and jsDelivr in a complex supply chain attack. Phylum reports that the malware is cleverly hidden in jQuery’s “end” function, affecting 68 packages. This manual assembly of packages contrasts with typical automated attacks, adding a new layer…
Hot Take:
When life gives you jQuery, don’t let it turn into a trojan horse. Or worse, a Trojan.js! We’ve officially entered the era where even your npm packages are playing an elaborate game of “Guess Who’s Infected?”
Key Points:
- Threat actors are distributing trojanized versions of jQuery via npm, GitHub, and jsDelivr.
- Phylum identified this as a complex and persistent supply chain attack.
- Malware is hidden in the seldom-used ‘end’ function of jQuery.
- 68 compromised packages were published between May 26 and June 23, 2024.
- Evidence suggests manual assembly and publication of these malicious packages.