Get the latest tech news
Unverified NPM Account Takeover Vulnerability for Sale on Dark Web Forum
A threat actor on BreachForums is selling an unverified npm vulnerability for account takeover, but npm has not officially confirmed the existence of this security concern.
Dark Web Informer is reporting a threat actor is selling a critical, unverified npmjs vulnerability that would allegedly allow for account takeover. It’s the gateway to the wide world of applications that depend on open source JavaScript, attracting threat actors who relentlessly target npmjs accounts for distributing malicious code. Package authors and organizations using npm should monitor their accounts for unusual activity, maintain the registration of the domains associated with their email addresses, and use strong, unique passwords.
Or read this on Hacker News
/cdn.vox-cdn.com/uploads/chorus_asset/file/25404243/Stream_Deck_Neo_Lifestyle_Shot_03.jpg)
/cdn.vox-cdn.com/uploads/chorus_asset/file/13391951/akrales_181101_3056_0275.jpg)
