Malicious NPM packages target Amazon, Slack with new dependenc | BleepingComputer
Malicious NPM packages target Amazon, Slack with new dependency attacks
Threat actors are targeting Amazon, Zillow, Lyft, and Slack NodeJS apps using the new 'Dependency Confusion' vulnerability to steal Linux/Unix password files and open reverse shells back to the attackers. [...]
https://www.bleepingcomputer.com/news/security/malicious-npm-packages-target-amazon-slack-with-new-dependency-attacks/