Mastouille

The New OilFake <a href="https://mastodon.thenewoil.org/tags/WhatsApp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WhatsApp</a> developer libraries hide destructive data-wiping code<a href="https://www.bleepingcomputer.com/news/security/fake-whatsapp-developer-libraries-hide-destructive-data-wiping-code/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/fake-whatsapp-developer-libraries-hide-destructive-data-wiping-code/</a><a href="https://mastodon.thenewoil.org/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://mastodon.thenewoil.org/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a> <a href="https://mastodon.thenewoil.org/tags/Meta" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Meta</a>

Sync-in🚀 Sync-in Server 1.3.0 is now available on NPM!🧱 Install it as a native Node.js package 🖥️ Use the CLI (sync-in-server) to manage config, start/stop the server, run DB migrations, and moreThis release makes it easier than ever to integrate Sync-in into your existing infrastructure !📥 More info: <a href="https://sync-in.com/docs/setup-guide/npm" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://sync-in.com/docs/setup-guide/npm</a> <a href="https://mastodon.social/tags/release" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#release</a> <a href="https://mastodon.social/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a> <a href="https://mastodon.social/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://mastodon.social/tags/foss" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#foss</a> <a href="https://mastodon.social/tags/nodejs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#nodejs</a> <a href="https://mastodon.social/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a> <a href="https://mastodon.social/tags/typescript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#typescript</a> <a href="https://mastodon.social/tags/selfhosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#selfhosting</a> <a href="https://mastodon.social/tags/selfhosted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#selfhosted</a> <a href="https://mastodon.social/tags/selfhoster" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#selfhoster</a> <a href="https://mastodon.social/tags/syncin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#syncin</a> <a href="https://mastodon.social/tags/sync_in" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sync_in</a>

kalvnUne réflexion sur l'utilité relative des *lockfiles*, ces fichiers qui gardent trace de la version exacte de chacune des dépendances d'un projet, incluant les dépendances de dépendances, etc.🔗 <a href="https://tonsky.me/blog/lockfiles/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://tonsky.me/blog/lockfiles/</a><a href="https://mastodon.xyz/tags/dependances" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dependances</a> <a href="https://mastodon.xyz/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a>

The New OilHackers breach <a href="https://mastodon.thenewoil.org/tags/Toptal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Toptal</a> <a href="https://mastodon.thenewoil.org/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GitHub</a> account, publish malicious <a href="https://mastodon.thenewoil.org/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a> packages<a href="https://www.bleepingcomputer.com/news/security/hackers-breach-toptal-github-account-publish-malicious-npm-packages/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/hackers-breach-toptal-github-account-publish-malicious-npm-packages/</a><a href="https://mastodon.thenewoil.org/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

The New Oil<a href="https://mastodon.thenewoil.org/tags/NPM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NPM</a> package ‘<a href="https://mastodon.thenewoil.org/tags/is" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#is</a>’ with 2.8M weekly downloads infected devs with <a href="https://mastodon.thenewoil.org/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a><a href="https://www.bleepingcomputer.com/news/security/npm-package-is-with-28m-weekly-downloads-infected-devs-with-malware/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/npm-package-is-with-28m-weekly-downloads-infected-devs-with-malware/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

github.com/ghostwriterThe popular NPM package 'is' has been compromised in a supply chain attack that injected backdoor malware, giving attackers full access to compromised devices.<a href="https://www.bleepingcomputer.com/news/security/npm-package-is-with-28m-weekly-downloads-infected-devs-with-malware/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/npm-package-is-with-28m-weekly-downloads-infected-devs-with-malware/</a><a href="https://phpc.social/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a>

The New OilPopular <a href="https://mastodon.thenewoil.org/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a> <a href="https://mastodon.thenewoil.org/tags/linter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#linter</a> packages hijacked via <a href="https://mastodon.thenewoil.org/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#phishing</a> to drop <a href="https://mastodon.thenewoil.org/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a><a href="https://www.bleepingcomputer.com/news/security/popular-npm-linter-packages-hijacked-via-phishing-to-drop-malware/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/popular-npm-linter-packages-hijacked-via-phishing-to-drop-malware/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://mastodon.thenewoil.org/tags/JavaScript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#JavaScript</a>

Hackread.com🚨 A fake npm website tricked a maintainer into giving up their token, letting attackers push malware into popular JS packages.Details: <a href="https://hackread.com/fake-npm-website-used-push-malware-via-stolen-token/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://hackread.com/fake-npm-website-used-push-malware-via-stolen-token/</a><a href="https://mstdn.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://mstdn.social/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a> <a href="https://mstdn.social/tags/JavaScript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#JavaScript</a> <a href="https://mstdn.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://mstdn.social/tags/supplychainsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#supplychainsecurity</a>

nemo™ 🇺🇦🚨 North Korean hackers unleashed 67 malware-ridden packages on npm in their ongoing "Contagious Interview" campaign, spreading the XORIndex loader to steal data & FckCrypto 🕵️‍♂️💻 Over 17,000 downloads caught in this supply chain attack! Stay vigilant & verify packages carefully! <a href="https://mas.to/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://mas.to/tags/NPM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NPM</a> <a href="https://mas.to/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://mas.to/tags/SupplyChainAttack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SupplyChainAttack</a>Read more: <a href="https://www.techradar.com/pro/security/north-korean-hackers-release-malware-ridden-packages-into-npm-registry" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.techradar.com/pro/security/north-korean-hackers-release-malware-ridden-packages-into-npm-registry</a> <a href="https://mas.to/tags/newz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#newz</a>

The New OilNorth Korean <a href="https://mastodon.thenewoil.org/tags/XORIndex" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#XORIndex</a> <a href="https://mastodon.thenewoil.org/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> hidden in 67 malicious <a href="https://mastodon.thenewoil.org/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a> packages<a href="https://www.bleepingcomputer.com/news/security/north-korean-xorindex-malware-hidden-in-67-malicious-npm-packages/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/north-korean-xorindex-malware-hidden-in-67-malicious-npm-packages/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://mastodon.thenewoil.org/tags/NorthKorea" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NorthKorea</a>

securityaffairs<a href="https://infosec.exchange/tags/North" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#North</a> <a href="https://infosec.exchange/tags/Korea" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Korea</a>-linked actors spread <a href="https://infosec.exchange/tags/XORIndex" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#XORIndex</a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> via 67 malicious <a href="https://infosec.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a> packages <a href="https://securityaffairs.com/179950/hacking/north-korea-linked-actors-spread-xorindex-malware-via-67-malicious-npm-packages.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://securityaffairs.com/179950/hacking/north-korea-linked-actors-spread-xorindex-malware-via-67-malicious-npm-packages.html</a> <a href="https://infosec.exchange/tags/securityaffairs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#securityaffairs</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a>

LinuxiacNginx Proxy Manager 2.12.4 lands with API schema fixes, performance improvements, and a batch of new DNS providers for Certbot plugin support. <a href="https://linuxiac.com/nginx-proxy-manager-2-12-4-released-with-certbot-enhancements/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://linuxiac.com/nginx-proxy-manager-2-12-4-released-with-certbot-enhancements/</a><a href="https://mastodon.social/tags/nginx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#nginx</a> <a href="https://mastodon.social/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a> <a href="https://mastodon.social/tags/proxy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#proxy</a> <a href="https://mastodon.social/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a>

The New OilNew wave of ‘fake interviews’ use 35 <a href="https://mastodon.thenewoil.org/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a> packages to spread <a href="https://mastodon.thenewoil.org/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a><a href="https://www.bleepingcomputer.com/news/security/new-wave-of-fake-interviews-use-35-npm-packages-to-spread-malware/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/new-wave-of-fake-interviews-use-35-npm-packages-to-spread-malware/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://mastodon.thenewoil.org/tags/NorthKorea" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NorthKorea</a> <a href="https://mastodon.thenewoil.org/tags/JobHunting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#JobHunting</a>

Zander"npmgraph - NPM Dependency Diagrams" - Graph / visualize of npm dependencies <a href="https://npmgraph.js.org/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://npmgraph.js.org/</a> <a href="https://toot.cafe/tags/Npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Npm</a> <a href="https://toot.cafe/tags/DevJs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DevJs</a> • New <a href="https://toot.cafe/tags/link" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#link</a> just added to <a href="https://toot.cafe/tags/Otter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Otter</a>.

The New Oil<a href="https://mastodon.thenewoil.org/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> found in <a href="https://mastodon.thenewoil.org/tags/NPM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NPM</a> packages with 1 million weekly downloads<a href="https://www.bleepingcomputer.com/news/security/supply-chain-attack-hits-gluestack-npm-packages-with-960k-weekly-downloads/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/supply-chain-attack-hits-gluestack-npm-packages-with-960k-weekly-downloads/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

The New OilMalicious <a href="https://mastodon.thenewoil.org/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a> packages posing as utilities delete project directories<a href="https://www.bleepingcomputer.com/news/security/malicious-npm-packages-posing-as-utilities-delete-project-directories/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/malicious-npm-packages-posing-as-utilities-delete-project-directories/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

Hackread.com🚨 New: Backdoors found in Python & NPM packages targeting Windows & Linux! Attackers use fake ‘colorama’ & ‘colorizr’ to steal data + gain remote access.🔗 Read more: <a href="https://hackread.com/backdoors-python-npm-packages-windows-linux/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://hackread.com/backdoors-python-npm-packages-windows-linux/</a><a href="https://mstdn.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://mstdn.social/tags/Backdoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Backdoor</a> <a href="https://mstdn.social/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Python</a> <a href="https://mstdn.social/tags/NPM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NPM</a> <a href="https://mstdn.social/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a>

The New OilDozens of malicious packages on <a href="https://mastodon.thenewoil.org/tags/NPM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NPM</a> collect host and network data<a href="https://www.bleepingcomputer.com/news/security/dozens-of-malicious-packages-on-npm-collect-host-and-network-data/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/dozens-of-malicious-packages-on-npm-collect-host-and-network-data/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

The New OilDestructive <a href="https://mastodon.thenewoil.org/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> available in <a href="https://mastodon.thenewoil.org/tags/NPM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NPM</a> repo went unnoticed for 2 years<a href="https://arstechnica.com/information-technology/2025/05/destructive-malware-available-in-npm-repo-went-unnoticed-for-2-years/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://arstechnica.com/information-technology/2025/05/destructive-malware-available-in-npm-repo-went-unnoticed-for-2-years/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

IT NewsDestructive malware available in NPM repo went unnoticed for 2 years - Researchers have found malicious software that received more... - <a href="https://arstechnica.com/information-technology/2025/05/destructive-malware-available-in-npm-repo-went-unnoticed-for-2-years/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://arstechnica.com/information-technology/2025/05/destructive-malware-available-in-npm-repo-went-unnoticed-for-2-years/</a> <a href="https://schleuss.online/tags/coderepositories" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#coderepositories</a> <a href="https://schleuss.online/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://schleuss.online/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://schleuss.online/tags/biz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#biz</a>⁢ <a href="https://schleuss.online/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a>

Recherches récentes

Options de recherche

Administré par :

Statistiques du serveur :

#npm