Hijacking S3 Buckets: New Attack Technique
Hijacking S3 Buckets: New Attack Technique
checkmarx.com Hijacking S3 Buckets: New Attack Technique
Without altering a single line of code, attackers poisoned the NPM package “bignum” by hijacking the S3 bucket serving binaries necessary for its function and replacing them with malicious ones
It seems like attackers have discovered a way to leverage NPM packages to deliver malicious binaries without needing to make any changes to the NPM package itself.
You're viewing a single thread.
1 comments
Interesting! I wonder how much of this is already happening that people just haven't noticed yet.