Follow

Three npm packages found opening shells on Linux, Windows systems:

zdnet.com/article/three-npm-pa

The packages are plutov-slack-client, nodetest199, and nodetest1010.

npm security team: "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer."

Sign in to participate in the conversation
chaos.social

chaos.social – a Fediverse instance for & by the Chaos community