Advertisement
Top
image credit: Pixabay

Packagist Repository Hacked: Over a Dozen PHP Packages with 500 Million Compromised

May 5, 2023

Via: The Hacker News
Category:

PHP software package repository Packagist revealed that an “attacker” gained access to four inactive accounts on the platform to hijack over a dozen packages with over 500 million installs to date.

“The attacker forked each of the packages and replaced the package description in composer.json with their own message but did not otherwise make any malicious changes,” Packagist’s Nils Adermann said. “The package URLs were then changed to point to the forked repositories.”

Read More on The Hacker News

RELATED PUBLICATIONS

5 Hard Truths About the State of Cloud Security 2024
API sprawl: navigating the web of connectivity and security challenges
NIST updates Cybersecurity Framework after a decade of lessons

Latest Publications

Google fixed critical Chrome vulnerability CVE-2024-4058
North Korean Hackers Hijack Antivirus Updates for Malware Delivery
AI set to play key role in future phishing attacks
Security Curated Copyright © 2024. All rights reserved
Go to ITCurated!