Two malicious npm packages, express-api-sync and system-health-sync-api, have been discovered, posing a significant threat to production systems. Published under the npm alias “botsailer,” the packages install backdoors capable of deleting all files within an application. Unlike typical malware, these tools prioritise data destruction over theft, highlighting the growth of software supply chain threats. Socket’s Threat Research Team urges developers to use behavioural scanning tools to detect such threats.

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden
It has been a bad six weeks for security firm Checkmarx. Over the past 40 days, it has been the victim of at least one