In what’s the latest instance of a software supply chain attack, unknown threat actors managed to compromise Toptal’s GitHub organization account and leveraged that access to publish 10 malicious packages to the npm registry.
\nThe packages contained code to exfiltrate GitHub authentication tokens and destroy victim systems, Socket said in a report published last week. In addition, 73 repositories<\/p>","protected":false},"excerpt":{"rendered":"
In what’s the latest instance of a software supply chain attack, unknown threat actors managed to compromise Toptal’s GitHub organization account and leveraged that access to publish 10 malicious packages…<\/p>\n","protected":false},"author":1,"featured_media":1080,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"saved_in_kubio":false,"footnotes":""},"class_list":["post-1079","page","type-page","status-publish","has-post-thumbnail","hentry"],"kubio_ai_page_context":{"short_desc":"","purpose":"general"},"_links":{"self":[{"href":"https:\/\/infosec-daily.com\/index.php?rest_route=\/wp\/v2\/pages\/1079","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec-daily.com\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/infosec-daily.com\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/infosec-daily.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec-daily.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1079"}],"version-history":[{"count":0,"href":"https:\/\/infosec-daily.com\/index.php?rest_route=\/wp\/v2\/pages\/1079\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/infosec-daily.com\/index.php?rest_route=\/wp\/v2\/media\/1080"}],"wp:attachment":[{"href":"https:\/\/infosec-daily.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1079"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}