Tired of all-grey NPM logs? I've put together a new colorization variant for your terminal!

A bit of Bash and voilà, everything becomes easier to spot:
🔵 Client IP
🟢 Country OK
🔴 Country blocked
🟡 Domain
🟣 HTTP code

The code is here 👇
👉 https://privatebin.blablalinux.be/?41ae048c9c122ae7#CSodkfFCWSUEgwiSe2Ekt5GcmEhy2zQxXeAfn2kntdui

#NPM #Linux #SysAdmin #Bash #BlablaLinux

#IronWorm: A #virus that spreads from #PC to #PC, stored in #npm: a #massive #global #cyberattack was narrowly avoided... www.01net.com/actualites/v...

A virus that spreads from PC ...

Uh, but also, I'm not actually confident that Microsoft *won't* get supply-chained themselves. Their products use all of the same libraries I'm right now telling #npm not to install. Their CI vulnerabilities are enabling the supply-chain attacks I'm trying to avoid.

Argh.

Maybe I should try using a #Sass implementation written in #Rust or something instead, and ditch npm entirely. At least for this project.

#programming #security #cybersecurity #infosec

I see that modern #npm has a `before` option that prohibits installing package versions released after a certain date.

Excellent. I'll just go ahead and set that to forever ago, before “all your supply chain are belong to us” happened.

Now I just have to hope and pray that Node.js, npm, and the npm registry (i.e. Microsoft) don't get supply-chained themselves…

#programming

📣🚨 32 Red Hat npm packages were compromised by Miasma malware after attackers abused a hacked GitHub account to push malicious updates, exposing cloud and CI/CD secrets.

Read: https://hackread.com/miasma-malware-red-hat-packages-github-account/

#RedHat #npm #GitHub #Miasma #Malware #Cybersecurity

Miasma Malware Hits 32 Red Hat Packages via Compromised GitHub Account

32 Red Hat npm packages compromised by Miasma malware expose cloud tokens, CI/CD secrets and developer credentials in supply chain attack.

Hackread - Cybersecurity News, Data Breaches, AI and More

New IronWorm malware hits 36 packages in npm supply-chain attack

A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm.

BleepingComputer

Malware Worms Infect npm Ecosystem in Dual Supply Chain Attacks

Meet IronWorm, a sneaky Rust-based malware that's infecting the npm ecosystem by scraping sensitive secrets from developers' machines and spreading through poisoned packages. This stealthy threat hides behind an eBPF kernel rootkit and communicates with its operators over Tor.

https://osintsights.com/malware-worms-infect-npm-ecosystem-in-dual-supply-chain-attacks?utm_source=mastodon&utm_medium=social

#MalwareOperations #SupplyChain #Npm #Ironworm #Rust

Malware Worms Infect npm Ecosystem in Dual Supply Chain Attacks

Learn how malware worms infect npm ecosystem via dual supply chain attacks, discover IronWorm's tactics, and protect your projects now with expert insights.

OSINTSights

New IronWorm Malware Hits 36 Packages In npm Supply-Chain Attack - Slashdot

A new npm supply-chain attack has infected 36 packages with Rust-based infostealer malware called IronWorm. According to BleepingComputer, the malware "targets 86 environment variables (key-value pairs) and 20 credential files that may contain OpenAI, AWS, Anthropic, and npm credentials, vault confi...

This Week In Security: Messing With AI, 7Zip And Notepad++ Vulnerabilities, HTTP2 Bomb, And More

With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the AGENTS.…

Hackaday