Amazon and Slack being targeted by malicious NPM packages

02-March-21

Attackers are targeting Amazon, Zillow, Lyft, and Slack NodeJS apps using a new ‘Dependency Confusion’ vulnerability to steal Linux/Unix password files and open reverse shells back to the attackers.

Read More…