pgserve 1.1.11 through 1.1.13 are compromised, and the code is surprisingly clean
Supply chain attacks are having a moment. The postinstall script is a 41KB credential stealer. What's interesting is there's no obfuscation at all. No eval, no atob, no curl piped to shell. Just well written javascript using standard node APIs. require('https'), execSync, fs.readFileSync, crypto.pu
ORIGINAL SOURCE →via Reddit r/cybersecurity
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · finance
- [FINANCE] 24 NİSAN CANLI ALTIN FİYATLARI| Bugün Gram, Çeyrek, Tam Altın Ne Kadar? Kapalı Çarşı Altın Fiyatları Ne Durumda? Altın Fiyatlarında Son Dakika Düşüş!
- [FINANCE] Alibaba Backs Zelos IPO As Investors Reassess Logistics Value In BABA - simplywall.st
- [FINANCE] Feeling gloomy about the economy? The ‘vibecession’ has arrived in Australia – but experts are less worried
- [FINANCE] What to Think of FX Carry Trade Revival: 3-Minutes MLIV
- [FINANCE] Panama Canal pricing surge is starting to reflect a deeper shift in global trade flows
- [FINANCE] Oklar, Ankara'daki o isme çevrildi! İsrail'in odağı...