A phishing group has uploaded over 144,000 malicious open source packages to three open source repositories in a major new automated campaign, according to Checkmarx.
Working with fellow security vendor Illustria, the firm first discovered the campaign a few months ago when it noticed large clusters of packages published to the NuGet package manager.
It discovered 135,000 such packages were uploaded by the same threat actor to the same platform, with a further 212 on npm and 7824 on…