沙丘2.0供应链泄露
Vercel News Vercel News ·

沙丘2.0供应链泄露
💡 原文英文,约200词,阅读约需1分钟。
📝

内容提要

多个npm包因账户接管遭攻击,恶意代码被添加至package.json。Vercel确认未受影响,已重置缓存并通知受影响客户,正在调查中。

🎯

关键要点

  • 多个npm包因账户接管遭攻击,恶意代码被添加至package.json。
  • 攻击者添加了隐蔽的加载器,定位Bun运行时并执行恶意脚本。
  • Vercel确认未受影响,已重置缓存并通知受影响客户。
  • Vercel正在调查是否有加载器成功运行。
  • 初步分析显示有限的Vercel客户构建引用了受损包。
  • 受影响的客户将直接联系并提供详细的缓解步骤。
  • Vercel将持续发布调查更新。
🏷️

标签

Vercel npm包 供应链 恶意代码 调查 账户接管
➡️

继续阅读

  1. Marshall’s new hub connects to multiple Bluetooth speakers without pairing
    Marshall has announced a new music streaming hub called the Heddon that can b...
  2. Today only, you can buy the AirPods Pro 3 for less than $200
    If you’re considering gifting the AirPods Pro 3 for Valentine’s Day, now’s a ...
  3. Giving your healthcare info to a chatbot is, unsurprisingly, a terrible idea
    Every week, more than 230 million people ask ChatGPT for health and wellness ...
  4. 更多的安全工具正在拖慢您的事件响应速度
    Time plays a crucial role in an organization’s defense posture, including the...
  5. VoidZero发布Oxfmt Alpha版,具备Rust驱动的性能和Prettier兼容性
    VoidZero has unveiled Oxfmt, a cutting-edge Rust-based code formatter that of...
  6. Why this winter storm will likely be a wild one
    Most of the US is bracing for a prolonged stretch of frigid weather and a mas...
👤 个人中心
在公众号发送验证码完成验证